design for security
play

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 - PowerPoint PPT Presentation

Feb 22, 2024 •203 likes •1.34k views

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

  1. Design for Security Serena Chen | @Sereeena | O’Reilly Velocity 2018

  3. Usability Security

  4. Good user experience design and good security cannot exist without each other

  5. Everyone deserves to be secure without being experts

  6. We need to stop expecting people to become security experts

  7. “I don’t care about security.” –Everyone not watching Mr Robot right now

  8. “Given a choice between dancing pigs and security, the user will pick dancing pigs every time.” –MCGRAW, G., FELTEN, E., AND MACMICHAEL, R. 
 Securing Java: getting down to business with mobile code. Wiley Computer Pub., 1999

  9. CATS “Given a choice between dancing pigs and security, the user will pick dancing CATS pigs every time.” –Serena Chen, not allowed pets in her apartment

  16. Shaming people is lazy

  17. Obligatory xkcd: https://xkcd.com/149/

  18. “I don’t care about security.” –Everyone not watching Mr Robot right now

  19. “I care!!!” –Serena Chen, lone nerd screaming into the void

  24. Design thinking is another tool in the problem solving tool belt

  25. For your consideration: 1. 2. 3. 4.

  26. For your consideration: 1. Paths of Least Resistance 2. 3. 4.

  27. Paths of Least Resistance

  31. To stop internet, press firmly

  33. Consider the 
 “secure by default” principle

  36. Normalise security

  38. Group similar tasks

  39. People are lazy efficient

  40. Align your goals with the end user’s goals

  42. “I KNOW HOW TO INTERNET”

  43. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real Human Adult ™

  44. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real Human Adult ™

  45. Path of (Perceived) Least Resistance

  46. “Each false alarm reduces the credibility of a warning system.” –S. Breznitz and C. Wolf. The psychology of false alarms. 
 Lawrence Erbaum Associates, NJ, 1984

  47. Anderson et al. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proceedings of CHI , 2015

  48. Shadow IT is a massive vulnerability

  52. Illustration by Megan Pendergrass

  53. Fixing bad paths • Use security tools for security concerns , not management concerns • If you block enough non-threats, people will get really good at subverting your security

  54. Building good paths • Don’t make me think! • Make the secure path the easiest path • e.g. BeyondCorp model at Google

  55. “We designed our tools so that the user- facing components are clear and easy to use. […] For the vast majority of users, BeyondCorp is completely invisible. –V. M. Escobedo, F. Zyzniewski, B. (A. E.) Beyer, M. Saltonstall, “BeyondCorp: The User Experience”, Login, 2017

  57. Align your goals with the end user’s goals

  58. For your consideration: 1. Paths of Least Resistance 2. 3. 4.

  59. For your consideration: 1. Paths of Least Resistance 2. Intent 3. 4.

  60. Intent

  61. Tension between usability and security happens when we cannot accurately determine intent.

  62. “make it easy” “lock it down”

  63. It is not our job to make everything easy

  64. It is not our job to make everything locked down

  65. Our job is to make a specific action • that a specific user wants to take • at that specific time • in that specific place …easy Everything else we can lock down.

  66. Knowing intent = usability and security without compromise

  71. For your consideration: 1. Paths of Least Resistance 2. Intent 3. 4.

  72. For your consideration: 1. Paths of Least Resistance 2. Intent 3. (Mis)communication 4.

  73. (Mis)communication

  74. Wherever there is a miscommunication, there exists a human security vulnerability.

  75. What are you unintentionally miscommunicating?

  77. Wherever there is a miscommunication, there exists a human security vulnerability.

  82. (I didn’t actually do this)

  83. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

  84. Do your end users know 
 what you’re trying to communicate?

  85. What is their mental model of what’s happening, compared to yours?

  86. For your consideration: 1. Intent 2. Path of Least Resistance 3. (Mis)communication 4.

  87. For your consideration: 1. Intent 2. Path of Least Resistance 3. (Mis)communication 4. Mental model matching

  88. Mental models

  89. It’s the user’s expectations that define whether a system is secure or not.

  92. “A system is secure from a given user’s perspective if the set of actions that each actor can do are bounded by what the user believes it can do .” –Ka-Ping Yee, “User Interaction Design for Secure Systems”, 
 Proc. 4th Int’l Conf. Information and Communications Security, Springer-Verlag, 2002

  93. Find their model, match to that + Influence their model, match to system

  94. Find their model • Go to customer sessions! • Observe end users • Infer intent through context

  95. Influence their model • When we make, we teach • Whenever someone interacts with us / 
 a thing we made, they learn. • Path of least resistance becomes the default “way to do things”.

  96. How are we already influencing users’ models?

  97. iOS Phish https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking

  98. What are we teaching?

  99. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real Human Adult ™

Recommend

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

634 views • 39 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv We are Nguyet & Doug

1.42k views • 45 slides
Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

www.geogrid.org Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security Security Yoshio Tanaka National Institute of Advanced Industrial Science and Technology (AIST) Japan 1 www.geogrid.org W hat is the

463 views • 18 slides
OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security History of fixes and hardening

581 views • 37 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
IBM AES3 Comments MARS Unique heterogeneous design Comprehensive security analysis

IBM AES3 Comments MARS Unique heterogeneous design Comprehensive security analysis

IBM AES3 Comments MARS Unique heterogeneous design Comprehensive security analysis Security was primary design goal Ability to analyze was an important goal (unbalanced Feistel, choice of ops, ) Reflected in analyses

269 views • 5 slides
FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic algorithms and devices for real-world applications June 1-6, 2014, ibenik , Croatia Outline Introduction FPGA vs. ASIC FPGA application

443 views • 17 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
Mutually Agreed Norms for Routing Security manrs@isoc.org Insecurity by Design When the Internet

Mutually Agreed Norms for Routing Security manrs@isoc.org Insecurity by Design When the Internet

Mutually Agreed Norms for Routing Security manrs@isoc.org Insecurity by Design When the Internet was developed, they didnt build in security by design. The objective was resilience, simplicity and ease of deployment That created the Internet

791 views • 41 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Security Objectives and Design Information Security Management Dr Hans Georg Schaathun

Security Objectives and Design Information Security Management Dr Hans Georg Schaathun

Security Objectives and Design Information Security Management Dr Hans Georg Schaathun University of Surrey Autumn 2010 Week 2 Dr Hans Georg Schaathun Security Objectives and Design Autumn 2010 Week 2 1 / 54 The session Outline

1.55k views • 138 slides
Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms

Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms

Embedded Security Group Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms and Devices 1. June 2011 Amir Moradi Embedded Security Group Agenda Power Consumption Characteristics of CMOS Circuits

387 views • 24 slides
Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 D ANIELE

Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 D ANIELE

CPS-SPC 17 @ Dallas, US Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 D ANIELE A NTONIOLI , H. R. G HAEINI , S. A DEPU , M. O CHOA , N. O. T IPPENHAUER Singapore University of Technology and Design

524 views • 24 slides
Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer

Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer

Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer & Schroeders 1975 paper A few case studies What did Saltzer-Schroeder overlook? (Personal opinions) 2 Saltzer and Schroeders

780 views • 45 slides
Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects

Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects

Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects Implementation Bugs Shallow & Localized Patchable Straightforward & Testable Image credit: Vaniato/Shutterstock.com Design Flaws Deep &

414 views • 28 slides
On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in Security Education Workshop August 9, 2016 Jan Vykopal , Milo Bartk Masaryk University, Brno Who am I? Ph.D. graduate in flow-based intrusion

291 views • 17 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem:

Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem:

7/8/2014 Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem: Assessing Security and Resilience Systems operate in adversarial environments Adversaries seek to degrade system operation by affecting

363 views • 19 slides
Tutorial: Security patterns and secure systems design using UML Eduardo B. Fernandez and Maria

Tutorial: Security patterns and secure systems design using UML Eduardo B. Fernandez and Maria

Tutorial: Security patterns and secure systems design using UML Eduardo B. Fernandez and Maria M. Larrondo Petrie Dept. of Computer Science and Eng. Florida Atlantic University www.cse.fau.edu/~security {ed, maria}@cse.fau.edu ICWMC/ICCGI

2.27k views • 184 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Hadoop Security Design? Just Add Kerberos? Really? Andrew Becherer Black Hat USA 2010

Hadoop Security Design? Just Add Kerberos? Really? Andrew Becherer Black Hat USA 2010

Hadoop Security Design? Just Add Kerberos? Really? Andrew Becherer Black Hat USA 2010 https://www.isecpartners.com Agenda Conclusion What is Hadoop Old School Hadoop Risks The New Approach to Security Concerns

300 views • 29 slides

More recommend