part 5 usability and security
play

Part 5 Usability and Security Cognitive Errors, Usability vs. - PowerPoint PPT Presentation

Mar 25, 2023 •654 likes •1.76k views

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

  1. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability: Def. and Aims The ease of use and learnability of a human-made object. [Wikipedia] (accessed in 2010) Should also aim to prevent user errors Or at least to decrease likelihood or severity of user errors, which may lead to • system failure • catastrophic consequences A. Cerone, UNU-IIST – p.12/52

  2. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security A. Cerone, UNU-IIST – p.13/52

  3. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability A. Cerone, UNU-IIST – p.13/52

  4. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability A. Cerone, UNU-IIST – p.13/52

  5. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability • poor usability decrease security A. Cerone, UNU-IIST – p.13/52

  6. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability • poor usability decrease security • usability should increase security A. Cerone, UNU-IIST – p.13/52

  7. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability • poor usability decrease security • usability should increase security • usability may decrease security A. Cerone, UNU-IIST – p.13/52

  8. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability • poor usability decrease security • usability should increase security • usability may decrease security = ⇒ security mechanisms may decrease usability = ⇒ poor usability = ⇒ decrease security A. Cerone, UNU-IIST – p.13/52

  9. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Usability vs. Security • Usable Security • security mechanisms may decrease usability • Secure Usability • poor usability decrease security • usability should increase security • usability may decrease security = ⇒ security mechanisms may decrease usability = ⇒ poor usability = ⇒ decrease security = ⇒ security mechanisms may decrease security A. Cerone, UNU-IIST – p.13/52

  10. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Groupware Case Study A. Cerone, UNU-IIST – p.14/52

  11. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Groupware Term for applications written to implement • Computer-supported cooperative work (CSWC) A. Cerone, UNU-IIST – p.15/52

  12. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Groupware Term for applications written to implement • Computer-supported cooperative work (CSWC) HCI = ⇒ single user multidisciplinary around axis psychology–computing A. Cerone, UNU-IIST – p.15/52

  13. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Groupware Term for applications written to implement • Computer-supported cooperative work (CSWC) HCI = ⇒ single user multidisciplinary around axis psychology–computing CSWC = ⇒ group of users multidisciplinary around axis sociolology–computing A. Cerone, UNU-IIST – p.15/52

  14. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Groupware Term for applications written to implement • Computer-supported cooperative work (CSWC) HCI = ⇒ single user multidisciplinary around axis psychology–computing CSWC = ⇒ group of users multidisciplinary around axis sociolology–computing = ⇒ security issues A. Cerone, UNU-IIST – p.15/52

  15. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Case Study: Web Interface A conference support web-basd tool that • provides information on the event • establishes a community via registration • enables users to share their ideas, interests, etc. via discussion forum • facilitates communication between users via creation of personal profiles A. Cerone, UNU-IIST – p.16/52

  16. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Design Home Forum User Profiles Message Profile A. Cerone, UNU-IIST – p.17/52

  17. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Pages • Home to provide general information and materials about the conference and to set up own profile • Forum to browse posted messages and to post new messages • Message to analyse a posted message (possibly looking at the sender’s profile), and post a reply to it • User Profiles to browse users’ profiles • Profile to analyse other users’profiles (possibly looking at the messages they sent), and contact matching users A. Cerone, UNU-IIST – p.18/52

  18. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface Entry logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.19/52

  19. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Privileges OutUser t logout u o g o login l no-profile p r o fi l e InUser Member setup-profile read-message read-message read-profile read-profile post reply contact A. Cerone, UNU-IIST – p.20/52

  20. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Interface enter read-message OutUser Entry read-profile post reply forum no-profile home logout profile users contact back-to-users setup-profile back-to-forum OutUser � Entry A. Cerone, UNU-IIST – p.21/52

  21. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Behaviour User: A conference participant Scenario: The persona tries to • gather information • find/contact other users • express his/her ideas using the website. A. Cerone, UNU-IIST – p.22/52

  22. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Goal Gather In- formation gather achieved achieved login Establish Goal establish Goals Contact Achieved express achieved Express Ideas A. Cerone, UNU-IIST – p.23/52

  23. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Goal logout Gather In- formation gather achieved gather achieved login Establish Goal establish Goals Contact Achieved express establish achieved express Express Ideas A. Cerone, UNU-IIST – p.23/52

  24. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Goal logout Gather In- formation gather achieved gather achieved login Establish Goal establish Goals Contact Achieved express establish achieved express Express unattended Ideas unattended long-delay short-delay Unauthorised A. Cerone, UNU-IIST – p.23/52

  25. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Establish Contact logout g a t h r e e h r t a g achieved l o g i n Establish Goal establish Goals Contact Achieved establish e x p r e s express s unattended unattended long-delay short-delay Unauthorised A. Cerone, UNU-IIST – p.24/52

  26. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Establish Contact logout read-message g a t h r e e read-profile h r t a g contact achieved l o g i n Establish Goal establish Goals Contact Achieved establish e x p r e s express s failure logout unattended unattended long-delay short-delay Unauthorised A. Cerone, UNU-IIST – p.24/52

  27. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References The Overall System enter login read-message read-message OutUser Entry Goals read-profile read-profile post post gather reply forum reply establish no-profile home express logout logout profile users leave contact contact back-to-users short-delay setup-profile failure back-to-forum long-delay SYSTEM = ( OutUser [| ... |] Entry ) [| { login , ... , failure } |] Goals A. Cerone, UNU-IIST – p.25/52

  28. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Group of Users Interaction Aspects • local group of users interacting with a single shared interface rather than distributed group of users interacting among each other through the system A. Cerone, UNU-IIST – p.26/52

  29. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Group of Users Interaction Aspects • local group of users interacting with a single shared interface rather than distributed group of users interacting among each other through the system • sequence of users A. Cerone, UNU-IIST – p.26/52

  30. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Group of Users Interaction Aspects • local group of users interacting with a single shared interface rather than distributed group of users interacting among each other through the system • sequence of users Security Aspects • distinct users may have different privileges A. Cerone, UNU-IIST – p.26/52

  31. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Group of Users Interaction Aspects • local group of users interacting with a single shared interface rather than distributed group of users interacting among each other through the system • sequence of users Security Aspects • distinct users may have different privileges • users may act as authorised or unauthorised A. Cerone, UNU-IIST – p.26/52

  32. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authorised vs. Unauthorised Actions are attempted and may result in • either success • or failure A. Cerone, UNU-IIST – p.27/52

  33. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authorised vs. Unauthorised Actions are attempted and may result in • either success • or failure Authorised User • is supposted to result in success Unauthorised User • is supposted to result in failure A. Cerone, UNU-IIST – p.27/52

  34. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References User Goal logout Gather In- formation gather achieved gather achieved login Establish Goal establish Goals Contact Achieved express establish achieved express Express unattended Ideas unattended long-delay short-delay Unauthorised A. Cerone, UNU-IIST – p.28/52

  35. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Strong Security The property of strong security is expressed as follows If the goal is achieved then user actions • either never result in success (unauthorised user) • or do not result in success until the user establish a new goal or performs a logout (authorised user) A. Cerone, UNU-IIST – p.29/52

  36. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Strong Security The property of strong security is expressed as follows If the goal is achieved then user actions • either never result in success (unauthorised user) • or do not result in success until the user establish a new goal or performs a logout (authorised user) ✷ achieved → ( ¬ success W ( goal ∨ logout )) A. Cerone, UNU-IIST – p.29/52

  37. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authorised o u t l o g Gather In- formation r achieved e h t a g gather achieved g o a l Establish Goal establish Authorised Contact Achieved express establish achieved express Express login unattended Ideas unattended User long-delay short-delay Unauthorised A. Cerone, UNU-IIST – p.30/52

  38. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Unauthorised User unattended User long-delay short-delay read-message logout read-profile Unauthorised post reply contact success failure A. Cerone, UNU-IIST – p.31/52

  39. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Non Expert User logout back-to-forum achieved back-to-users NonExpert home users unattended forum unattended logout A. Cerone, UNU-IIST – p.32/52

  40. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References NonForgetful Users logout back-to-forum achieved back-to-users NonExpert home users unattended forum unattended logout logout logout achieved NonForgetful A. Cerone, UNU-IIST – p.33/52

  41. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References NonForgetful Users logout back-to-forum achieved back-to-users NonExpert home users unattended forum unattended logout logout logout achieved NonForgetful ( SYSTEM � NonExpert ) [| { achieved, logout, unattended } |] NonForgetful A. Cerone, UNU-IIST – p.33/52

  42. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References NonForgetful Users logout back-to-forum achieved back-to-users NonExpert home users unattended forum unattended logout logout logout achieved NonForgetful ( SYSTEM � NonExpert ) [| { achieved, logout, unattended } |] NonForgetful • The property does not hold! A. Cerone, UNU-IIST – p.33/52

  43. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface Entry logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.34/52

  44. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Expertise logout back-to-users back-to-forum achieved back-to-users Expert home users back-to-forum unattended forum unattended home logout logout home ( SYSTEM � Expert ) A. Cerone, UNU-IIST – p.35/52

  45. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Expertise logout back-to-forum achieved back-to-users NonExpert home users unattended forum unattended logout ( SYSTEM � NonExpert ) A. Cerone, UNU-IIST – p.35/52

  46. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface Entry logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.36/52

  47. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 1 Entry logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.37/52

  48. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 1 Entry logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.37/52

  49. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 2 Entry logout logout logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message A. Cerone, UNU-IIST – p.38/52

  50. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 2 Entry logout logout logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile reply contact Message Profile read-message The property • holds on ( ( SYSTEM � NonExpert ) [| ... |] NonForgetful ) • does not hold on ( SYSTEM � NonExpert ) A. Cerone, UNU-IIST – p.38/52

  51. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 3 Entry short-delay short-delay logout enter forum users post Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users logout read-profile reply contact Message Profile read-message long-delay short-delay short-delay timeout A. Cerone, UNU-IIST – p.39/52

  52. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Quick Timeout Assumption: No authorised user may enter an unattended session within a time period shorter (short-delay) than the delay (long-delay) that triggers the timeout A. Cerone, UNU-IIST – p.40/52

  53. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Quick Timeout Assumption: No authorised user may enter an unattended session within a time period shorter (short-delay) than the delay (long-delay) that triggers the timeout back-to-forum long-delay Quick timeout back-to-users Timeout home users logout forum logout A. Cerone, UNU-IIST – p.40/52

  54. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Quick Timeout Assumption: No authorised user may enter an unattended session within a time period shorter (short-delay) than the delay (long-delay) that triggers the timeout back-to-forum long-delay Quick timeout back-to-users Timeout home users logout forum logout The property • holds on ( ( SYSTEM � NonExpert ) [| ... short-delay ... |] QuickTimeout ) • does not hold on ( SYSTEM � NonExpert ) A. Cerone, UNU-IIST – p.40/52

  55. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Violation Prevention Previous safeguards just reduce the likelihood of security violations A. Cerone, UNU-IIST – p.41/52

  56. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Violation Prevention Previous safeguards just reduce the likelihood of security violations Can we introduce a mechanism to prevent any unauthorised user entering an unattended session from performing interactions with the system? A. Cerone, UNU-IIST – p.41/52

  57. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Violation Prevention Previous safeguards just reduce the likelihood of security violations Can we introduce a mechanism to prevent any unauthorised user entering an unattended session from performing interactions with the system? What about avoiding • masquerading threats A. Cerone, UNU-IIST – p.41/52

  58. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Violation Prevention Previous safeguards just reduce the likelihood of security violations Can we introduce a mechanism to prevent any unauthorised user entering an unattended session from performing interactions with the system? What about avoiding • masquerading threats • confidentiality threats A. Cerone, UNU-IIST – p.41/52

  59. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Violation Prevention Previous safeguards just reduce the likelihood of security violations Can we introduce a mechanism to prevent any unauthorised user entering an unattended session from performing interactions with the system? What about avoiding • masquerading threats • confidentiality threats • both masquerading and confidentiality threats A. Cerone, UNU-IIST – p.41/52

  60. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Web Interface 4 authenticated Entry s u c f c a i e l u r logout s enter e s post forum users Forum Home User Profiles home home forum read-message back-to-forum back-to-users setup-profile read-profile users read-profile contact Message Profile y l p read-message e r failure failure success s u c c e s s authenticated a u t h e n t i c a t A. Cerone, UNU-IIST – p.42/52 e d

  61. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? A. Cerone, UNU-IIST – p.43/52

  62. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? Yes!! Does it hold on System 4? A. Cerone, UNU-IIST – p.43/52

  63. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? Yes!! Does it hold on System 4? No! Why? A. Cerone, UNU-IIST – p.43/52

  64. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? Yes!! Does it hold on System 4? No! Why? Too strong! A. Cerone, UNU-IIST – p.43/52

  65. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? Yes!! Does it hold on System 4? No! Why? Too strong! • masquerading prevention ✷ ( unattended → ¬ ( set-up ∨ contact ∨ post ∨ reply ) W logout ) A. Cerone, UNU-IIST – p.43/52

  66. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References More Security Properties Does the previous property guarantee the absence of masquerading and/or confidentiality threats? Yes!! Does it hold on System 4? No! Why? Too strong! • masquerading prevention ✷ ( unattended → ¬ ( set-up ∨ contact ∨ post ∨ reply ) W logout ) • confidentiality ✷ ( unattended → ¬ ( read-profile ∨ read-message ) W logout ) A. Cerone, UNU-IIST – p.43/52

  67. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authentication Assumption: Only authorised users can be authenticated A. Cerone, UNU-IIST – p.44/52

  68. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authentication Assumption: Only authorised users can be authenticated leave failure Authorised UnAuthorised failure logout authenticated ( ( SYSTEM � NonExpert ) � Authorised ) • The following property holds ✷ ( achieved → ¬ success U ( goal ∨ logout )) A. Cerone, UNU-IIST – p.44/52

  69. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Authentication Assumption: Only authorised users can be authenticated leave failure Authorised UnAuthorised failure logout authenticated ( ( SYSTEM � NonExpert ) � Authorised ) • If authentication is on read-message and read-profile then the following property holds ✷ ( unattended → ¬ ( read-profile ∨ read-message ) W logout ) A. Cerone, UNU-IIST – p.44/52

  70. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Strong Property Expertise NonForgetful Quick Timeout ( User ) ( User ) ( Web Interface ) Interface 1 FALSE FALSE + NonExpert FALSE TRUE + Expert Interface 2 - logout FALSE TRUE + NonExpert FALSE TRUE + Expert Interface 3 - timeout FALSE TRUE + NonExpert FALSE TRUE + Expert A. Cerone, UNU-IIST – p.45/52

  71. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Other Properties never-masquerading confidentiality FALSE FALSE Interface 4 - contact, post, reply TRUE FALSE (!) + Authorised FALSE FALSE Interface 5 - read-message, read-profile FALSE (!) TRUE + Authorised FALSE FALSE Interface 6 - all above actions TRUE TRUE + Authorised ✷ ( unattended → ¬ ( set-up ∨ contact ∨ post ∨ reply ) W logout ) ✷ ( unattended → ¬ ( read-profile ∨ read-message ) W logout ) A. Cerone, UNU-IIST – p.46/52

  72. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Intrusion The user model is based that • single user view • only honest goals A. Cerone, UNU-IIST – p.47/52

  73. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Intrusion The user model is based that • single user view • only honest goals Cleaner approach • intrusion goal (dishonest goal) A. Cerone, UNU-IIST – p.47/52

  74. FMAIS 5 — Pisa, Italy, 21 December 2010 Contents | Cognitive Errors | Usability and Security | Groupware | References Intrusion The user model is based that • single user view • only honest goals Cleaner approach • intrusion goal (dishonest goal) • masquerading goal • breaking confidentiality goal A. Cerone, UNU-IIST – p.47/52

Recommend

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

829 views • 23 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

419 views • 4 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

219 views • 5 slides
Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271 Announcements intermission Introduction to Computer Security Usability and Voting combined slides Usable security example areas Stephen McCamant Elections

305 views • 8 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Electronic voting System security of electronic voting Stephen McCamant Exercise sets 2

424 views • 10 slides
On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis Defense, Bochum, Germany, May 29, 2019 User Authentication Competing requirements of security and usability . [1] Common Factors: Knowledge ( Password ,

619 views • 34 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

1.34k views • 112 slides
Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M. Martin Aaron G. Cass March 3, 2018 Introduction 01 Human Computer Interface Security (HCIsec) 02 Password Problem 03 Graphical User

633 views • 31 slides
Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Myths about usability testing Copies of Slides U X Day Graz 2013 F ive use rs will find 85% o f the usability pro ble ms Rolf Molich - and o the r myths abo ut DialogDesign usability te sting Do gma 1 Deliverables from

659 views • 18 slides
1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises

1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises

1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises Application on the computational resource - Show components diagram 3 A number of constraints were placed on the design of AHE to ensure it met our

444 views • 32 slides
Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security Announcements intermission Day 23: Usability and security Stephen McCamant Usability and security University of Minnesota, Computer Science &

391 views • 8 slides
The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019 Hello! Im Joris van Rooij Software Architect at Jibe.Company From Eindhoven, the Netherlands J I B E . C O M P A N Y I like...

1.72k views • 144 slides
Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

490 views • 23 slides
Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi Google, Inc. Rochester Institute of Technology kak@google.com rlaz@cs.rit.edu Symposium on Usable Privacy and Security (SOUPS) 2009 July 15th-17th,

272 views • 26 slides
CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on Computation and Society Harvard University 1 Administrivia Final Project Presentation Schedules are on the website. HW4 2 Tonight we will look at

520 views • 35 slides
Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security Tor and usability combined lecture Usability and security Stephen McCamant University of Minnesota, Computer Science & Engineering Usable

964 views • 9 slides
Preview question Officially the name of the Tor network is not an acronym, but the or part

Preview question Officially the name of the Tor network is not an acronym, but the or part

Preview question Officially the name of the Tor network is not an acronym, but the or part of the name originated from this technique it uses: CSci 5271 A. onion routing Introduction to Computer Security DoS, Tor, and usability combined

392 views • 10 slides
Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality of the users experience when interacting with a product or system How usable is the interface? Usability Measures Ease of learning

912 views • 24 slides
Systems and Algorithms for Smartphones Improved Security and Usability University of

Systems and Algorithms for Smartphones Improved Security and Usability University of

Systems and Algorithms for Smartphones Improved Security and Usability University of Perugia Perugia, Italy, March 28, 2011 Mauro Conti Vrije Universiteit Amsterdam Amsterdam, The Netherlands mconti@cs.vu.nl

759 views • 64 slides
USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU WILL HAVE WORKED THROUGH THE LYNDA.COM UX-1 SECTION. FOR THIS CLASS USABILITY WHAT is Usability? WHY is Usability important? USER

611 views • 21 slides
Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

CSE 190 M: Web Design and Usability Page 1 Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington References: J. Nielsen's Designing Web Usability (2) What is usability? usability: the effectiveness with

187 views • 6 slides

More recommend