Secure systems exist to serve human users and carry out human-oriented processes, and are designed and built by humans. From the perspective of the human-computer interaction (HCI) community, many of these interfaces do not reflect good thinking on how to make them easy to use in a manner that results in security. From the perspective of the security community, many widespread security problems arguably might stem from bad interaction between humans and systems. I recently attended a workshop (ACM/CHI 2003 Workshop on Human-Computer Interaction and Security Systems; www.andrewpatrick.ca/CHI2003/HCISEC) that tried to bring together these communities to trigger further inquiry into this area. In this article, I want to discuss the workshop and how the thinking there applies to the secure systems topic this department addresses.
If I stood up on a soapbox in a roomful of security colleagues and said, "It's been 30 years and we're still fielding insecure systems, so we must be doing something fundamentally wrong," nothing would be thrown at me—although debate might rage about exactly what we're doing wrong and how to fix it. But I'm going to go a bit further (because if you're standing on a soapbox and nothing gets thrown at you, then you're not trying hard enough). Support is growing for the thesis that a root cause of the pervasive (in)security problem is the interaction between humans and computers—we're trying to secure a system that embodies human processes and includes human users, but we restrict our analysis and designs to the computers themselves. Perhaps this thesis received its fullest expression at the ACM/CHI 2003 workshop, which Andrew Patrick and Scott Flinn of the National Research Council of Canada and Chris Long of Carnegie Mellon University organized. However, the thesis has a longer history.
Informal anecdotes from veterans of the Orange Book (the essentially defunct US Department of Defense initiatives to specify and validate secure computing systems) lament how, in multilevel security (MLS) systems, everything ended up at maximum security level because otherwise it was too difficult to get any work done. Bob Blakely of Tivoli Systems jokes about the password rules: they should be too difficult for you to remember, but you should never write them down. In their textbook, Charlie Kaufman, Radia Perlman, and Mike Speciner discussed the difficulty of designing security when humans are in the loop: "Humans are incapable of securely …
[1] Sean W. Smith, et al. Trusted paths for browsers. 2002, TSEC.
[2] Jerome H. Saltzer, et al. The protection of information in computer systems. 1975, Proc. IEEE.
[3] R. Asokan, et al. Digital signatures and electronic documents: a cautionary tale. 2002, Communications and Multimedia Security.
[4] Radia J. Perlman, et al. Network security - private communication in a public world. 2002, Prentice Hall series in computer networking and distributed systems.
[5] Ka-Ping Yee, et al. User Interaction Design for Secure Systems. 2002, ICICS.
[6] Sean W. Smith, et al. Keyjacking: Risks of the Current Client-side Infrastructure. 2003.