论文信息 - Three Challenges for Embedding Security into Applications

Three Challenges for Embedding Security into Applications

In order to use them securely, current computer systems require end users to understand both the threats they are subject to and the details of technology necessary to protect against them. This is a requirement they have as of yet been unable to meet. We present thoughts about a new approach to building systems that are both usable and secure. Critically, we argue that this cannot be accomplished merely by providing a better interface on top of existing security technology and systems, that instead the underlying technology itself will need to change. We have begun a research program to build new, more usable security technologies and security-conscious applications. In this paper we present 3 interface design challenges we have found as a result of our experiences, and invite the HCI community to participate in addressing them.

Rebecca E. Grinter

[1] Sacha Brostoff,et al. Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[2] Diana K. Smetters,et al. Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[3] Helen Nissenbaum,et al. Users' conceptions of web security: a comparative study , 2002, CHI Extended Abstracts.

[4] Diana K. Smetters,et al. Moving from the design of usable security technologies to the design of useful secure applications , 2002, NSPW '02.

[5] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[6] Mark W. Newman,et al. Using speakeasy for ad hoc peer-to-peer collaboration , 2002, CSCW '02.

[7] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[8] Ka-Ping Yee,et al. User Interaction Design for Secure Systems , 2002, ICICS.