An Approach to Usable Security based on Event Monitoring and Visualization

An Approach to Usable Security based on Event Monitoring and Visualization (2002)

Cached

Download Links

by Paul Dourish , David Redmiles

Venue:	Proceedings of the 2002 workshop on New security paradigms
Citations:	26 - 10 self

BibTeX

@INPROCEEDINGS{Dourish02anapproach,
    author = {Paul Dourish and David Redmiles},
    title = {An Approach to Usable Security based on Event Monitoring and Visualization},
    booktitle = {Proceedings of the 2002 workshop on New security paradigms},
    year = {2002},
    pages = {75--81},
    publisher = {ACM Press}
}

Bookmark

OpenURL

Abstract

The thorny problem of usability has been recognized in the security community for many years, but has, so far, eluded systematic solution. We characterize the problem as a gap between theoretical and effective levels of security, and consider the characteristics of the problem. The approach we are taking focuses on visibility- how can we make relevant features of the security context apparent to users, in order to allow them to make informed decisions about their actions and the potential implications of those actions?

Citations

741	End-to-end arguments in system design - Saltzer, Reed, et al. - 1984
537	The protection of information in computer systems - Saltzer, Schroeder - 1975
488	Awareness and coordination in shared workspaces - Dourish, Bellotti - 1992
363	An intrusion-detection model - Denning - 1987
314	A first step towards automated detection of buffer overrun vulnerabilities - Wagner, Foster, et al. - 2000
283	Why johnny can’t encrypt: A usability evaluation of PGP 5.0 - Whitten, Tygar - 1999
252	Why cryptosystems fail - Anderson - 1994
174	Design for privacy in ubiquitous computing environments - Bellotti, Sellen - 1993
174	Secrets & Lies, Digital Security in a Networked World - Schneier - 2000
140	Access Control for Collaborative Environments - Shen, Dewan - 1992
128	Three systems for cryptographic protocol analysis - Kemmerer, Meadows, et al. - 1994
121	Déjà Vu: User study using images for authentication - Dhamija, Perrig - 2000
113	The contemporary theory of metaphor - Lakoff - 1993
99	The Codebreakers - Kahn - 1976
92	intrusion detection system - Smaha, Haystack - 1988
87	Rethinking the design of the internet: The end-to-end arguments vs. the brave new world - Blumenthal, Clark
64	User-Centered Security - Zurko, Simon - 1996
55	Are Passfaces more usable than passwords: A field trial investigation - Brostoff, Sasse - 2000
55	Culture and Control in a Media Space - Dourish - 1993
54	An Approach to Large-Scale Collection of Application Usage Data over the Internet - Hilbert, Redmiles - 1998
53	Privacy Critics: UI Components to Safeguard Users' Privacy. Paper presented at the CHI'99 - Ackerman, Cranor - 1999
50	A prototype real-time intrusion-detection expert system - Lunt, Jagannathan - 1988
48	Pretty good persuasion: a first step towards effective password security in the real world - Weirich, Sasse - 2001
43	Toward a taxonomy and costing method for security services - Irvine, Levin - 2000
41	Augmenting the Workaday World with Elvin - Fitzpatrick, Mansfield, et al. - 1999
40	Visualizing the global topology of the MBone - Munzner, Hoffman, et al. - 1996
38	Users Are Not the Enemy: Why Users Compromise Security Systems and How to Take Remedial Measures - Adams, Sasse - 1999
37	Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol (PPTP - Schneier, Mudge - 1998
33	Making passwords secure and usable - Adams, Sasse, et al. - 1997
33	Phenomenology and the evolution of intuition - diSessa - 1983
32	Quality of Security Service - Irvine, Levin - 2000
31	Design and Evaluation of a Wide-Area Notification Service - Carzaniga, Rosenblum, et al. - 2001
31	Real-time Groupware as a Distributed System: Concurrency Control and its Effect on the Interface - Greenberg, Marwood - 1994
30	Security kernel design and implementation: An introduction - Ames, R, et al. - 1983
27	Operating system enhancements to prevent the misuse of system calls - Bernaschi, Gabrielli, et al. - 2000
24	Creating an Infrastructure for Ubiquitous Awareness - Kantor, Redmiles - 2001
23	Automatic Monitoring of Software Requirements - Cohen - 1997
17	Flexible Meta Access-Control for Collaborative Applications - Dewan, Shen - 1998
15	Privacy in E-Commerce: Examining User - Ackerman, Cranor, et al. - 1999
14	Security Service Level Agreements: Quantifiable Security for the Enterprise? New Security Paradigm Workshop - Henning - 1999
14	Large-scale collection of usage data to inform design - Hilbert, Redmiles - 2001
14	Calculating costs for quality of security service - Spyropoulou, Levin, et al. - 2000
11	The conceptual structure of information space - Maglio, Matlock - 1999
9	A Visual Virtual Machine for Java Programs: Exploration and Early Experiences - Dourish, Byttner - 2002
7	Incremental Assurance for Multilevel Applications - Thomsen, Denz - 1997
2	The Doctor is In: Helping End-Users Understand the Health of Distributed Systems - Dourish, Swinehart, et al.
2	Lessons Learned Using with Notification Servers To Support Application Awareness - Souza, Basaveswara, et al.
1	Pulsar: An Extensible Tool for Monitoring Large - Finkel - 1997
1	Rapide: a language and toolset for causal event modeling of distributed system architectures - Luckham - 1998
1	Examining Users’ Repertaoir of Internet Applications - Rimmer, Wakeman, et al. - 1999