usable security quo vadis
play

Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory - PowerPoint PPT Presentation

May 29, 2023 •242 likes •348 views

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer

  1. T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer Engineering

  2. I ’ m a security engineering guy who also works in HSISec research projects P 1 P n S C http://konstantin.beznosov.net http://lersse.ece.ubc.ca Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  3. Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  4. HCISec today is up … for a low hanging fruit ≈ 160 publications 80% in last 7 years Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  5. passwords, phishing, messaging important … but what about windows? Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  6. if the rest is not secure & usable locks won ’ t help Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  7. “the rest” is … policies & mechanisms how to device  authentication  select  cell phones  access control  acquire  PDAs  audit  install  pods  detection  integrate  laptops  confidentiality  configure  desktops  integrity  figure it out  servers  “privacy”  keep up-to-date  grids  recovery  use  monitor scale expertise level  notify  individuals  novice  react  groups  competent  replace  departments  power  organizations  admins Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  8. challenges HCISec folks 1. make the previous list green 2. better understand end users 3. standardized methodologies, benchmarks, and tools for usability evaluation security folks 1. make usability evaluation on par with • security analysis • performance evaluation Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  9. Konstantin (Kosta) Beznosov http://konstantin.beznosov.net Laboratory for Education and Research in Secure Systems Engineering (LERSSE) http://lersse.ece.ubc.ca Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

Recommend

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist junho.huh@honeywell.com Honeywell.com What is usable security? Building security solutions that are intuitive and easy to use Many security

350 views • 9 slides
Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

395 views • 12 slides
Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and

Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and

Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and Breeding Unit, University of New England, Armidale AAABG 2011 REML - quo vadis? Quo vadis? Is a Latin phrase meaning: "Where are you

715 views • 37 slides
ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd

ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd

ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd Century Landing point for Roman incursions into Scotland ! 7th Century Lothians absorbed into Kingdom of Northumbria ! origin of grand

346 views • 21 slides
DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research and Instruction in Technologies for Electronic Security Department of Computer Science University of Illinois at Chicago The Domain Name

598 views • 48 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

715 views • 34 slides
What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given a choice between dancing pigs and security, users will pick dancing pigs every time. Felton and McGraw (1999) clicky lusers BYU LAB

1.12k views • 84 slides
Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of Internet Speaking to a host end-to-end channel Communication security container-based authenticity: X.509, Certificate

678 views • 57 slides
Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security (CUPS) Lab Carnegie Mellon University 2 Personalization 3 Cross-System Personalization 4 Cross-System Personalization 5 Cross-System

310 views • 18 slides
Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two Six Labs working on DARPA Brandeis This talk goes over work from UCB 1 Install-time permissions A ccept all or dont use the app at all. No

944 views • 77 slides
Usable Security Spring 2015 Franziska (Franzi) Roesner

Usable Security Spring 2015 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

1.11k views • 55 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy & Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer, Lorrie Cranor, Rob Reeder, Blase Ur, and Yinqian Zhang 1 Todays class Introducing me Introducing you Human Factors for Security and

985 views • 82 slides
Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to Verifying their Vote Workshop on Usable Security 2/23/2014 Usable Security Lab Jurlind Budurushi, Marcel Woide and Melanie Volkamer Crypto Lab Current

217 views • 19 slides
USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

671 views • 20 slides
Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi, Aditi Shah, Bharath Subramanian, and Sauvik Das The Sixteenth Symposium on Usable Privacy and Security August 7th - 11th, 2020 High attention levels

1.03k views • 6 slides
RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications and Networking July 1, 2016 Group DFAR Conclusion 2 / 22 Stephan Sigg RF-based DFAR and implicit ad-hoc usable security Group DFAR Conclusion

824 views • 37 slides
Quo-vadis: Colliders? (Particle Physics?) Rohini M. Godbole Centre for High Energy Physics, IISc,

Quo-vadis: Colliders? (Particle Physics?) Rohini M. Godbole Centre for High Energy Physics, IISc,

Quo-vadis: colliders?. Rohini M. Godbole Quo-vadis: Colliders? (Particle Physics?) Rohini M. Godbole Centre for High Energy Physics, IISc, Bangalore, India 22 January 2019 Quo-vadis: colliders?. Plan Current status of particle

973 views • 80 slides
Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization as a Basis for Usable Security Usable Security Jennifer Rode, Carolina Johansson , Paul DiGioia, Roberto Silva Filho, Jennifer Rode,

327 views • 30 slides
Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible S. Faily, I. Flchais Introduction Making the invisible visible Method Results A theory of security culture for secure and usable grids Cases What is Security Culture? Guidelines Future work S. Faily I.

692 views • 17 slides
Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of

Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of

Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of Communications and Networking Aalto University, School of Electrical Engineering stephan.sigg@aalto.fi 09.10.2017 MEMORY IS A LIMITED RESOURCE Stephan

331 views • 13 slides
Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer, Lorrie Cranor, Rob Reeder, Blase Ur, and Yinqian Zhang 1 The human threat Malicious humans Humans who dont know what to do

569 views • 38 slides
Pastures: Towards Usable Security Policy Engineering Sergey Bratus, Alex Ferguson, Doug McIlroy,

Pastures: Towards Usable Security Policy Engineering Sergey Bratus, Alex Ferguson, Doug McIlroy,

Pastures: Towards Usable Security Policy Engineering Sergey Bratus, Alex Ferguson, Doug McIlroy, Sean Smith Institute for Security Technology Studies Department of Computer Science Dartmouth College Sergey Bratus, Alex Ferguson, Doug McIlroy,

482 views • 33 slides

More recommend