Security & Usability

Charles Frank

Convenience is the Antithesis to Security

Computer systems must employ mechanisms that are difficult to use!

Complex Mechanisms
Hard to configure Hard to implement correctly This weakens security

Principle of Psychology Acceptability

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanism correctly. Also, to the extent that the users mental image of his protection goals matches the mechanism he must use, mistakes will be minimized. If he must translate his image of his protection into a radically different specification language, he will make errors. Jerome Saltzer & Michael Schroeder (1975)

Home Users
No anti-virus No firewall Run as administrator No password Wireless access point without a password or with the vendor default password and without encryption Why?
Principle of Psychology Acceptability

Patching
Update functionality or enhance security Patches can interfere with programs running on a system XP SP2
IIS & FTP clients & servers did not work correctly Games did not work correctly

Principle of Psychology Acceptability

Principle of Psychology Acceptability

Complex configurations lead to errors, and the less computer-savvy the users are, the worse the security problems will be. How can one create mechanisms that are easy to install, provide the protection mechanism necessary, and are unobtrusive to use, for people ranging from novice home computer users to system administrators? an open question

Humans & Security

Are usability and security competing goals? Humans are the weakest link in the security chain. Security systems are social as well as technical. Security mechanisms require extra work. Humans find shortcuts and workarounds.

Humans & Security

Users will find ways to evade security demands that are considered unreasonable or burdensome. Build systems that are safe and usable.

Usability & Security

Security experts may reject proposal for improving usability because they might help an attacker.
Require passwords be changed frequently. Users write them down or put a number at the end.

Security designers should minimize the mental workload that a system creates for users.

Socially Acceptable Security

Require users to lock their screens when they leave their desks.
Their office mates might think that the user does not trust them.

People follow security policies to the letter might be considered paranoid or anal by their peers. Psychological acceptability

User-Center Security Design

Security is a supporting task. Security must be designed to support production tasks. Bring together stakeholders to carry out risk analysis and to consider the practical implications of proposed security mechanisms in the context of use.

User Education
Senior management sometimes exhibit bad security behavior. They are too important to be bother with petty security policies. Organizations must integrate security into their business process for users to care about protecting assets and exhibiting good security behavior.

References
Security and Usability: Designing Secure Systems That People Can Use, ed. Lorrie Faith Cranor & Simson Garfinkel, OReilly Matt Bishop, Psychological Acceptability Revisited M. Angela Sasse & Ivan Flechais, Usable Security Bruce Tognazzi, Design for Usability