Security and Usability: Designing Secure Systems that People Can Use



Security and Usability: Designing Secure Systems that People Can Use by Lorrie Faith Cranor, Simson Garfinkel

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security--with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms--techniques for identifying and authenticating computer users.
  • Secure Systems--how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics--groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

Product Details

ISBN-13: 9780596553852
Publisher: O'Reilly Media, Incorporated
Publication date: 08/25/2005
Sold by: Barnes & Noble
Format: NOOK Book
Pages: 740
File size: 7 MB

About the Author

Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, International and in the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

Table of Contents

Part 1: Realigning Usability and Security
1. Psychological Acceptability Revisited
2. Usable Security
3. Design for Usability
4. Usability Design and Evaluation for Privacy and Security Solutions
5. Designing Systems That People Will Trust

Part 2: Authentication mechanisms
6. Evaluating Authentication Mechanisms
7. The Memorability and Security of Passwords
8. Designing Authentication Systems with Challenge Questions
9. Graphical Passwords
10. Usable Biometrics
11. Identifying Users from Their Typing Patterns
12. The Usability of Security Devices

Part 3: Secure Systems
13. Guidelines and Strategies for Secure Interaction Design
14. Fighting Phishing at the User Interface
15. Sanitization and Usability
16. Making the Impossible Easy: Usable PKI
17. Simple Desktop Security with Chameleon
18. Security Administration Tools and Practices

Part 4: Privacy and Anonymity Systems
19. Privacy Issues and Human-Computer Interaction
20. A User-Centric Privacy Space Framework
21. Five Pitfalls in the Design for Privacy
22. Privacy Policies and Privacy Preferences
23. Privacy Analysis for the Casual User with Bugnosis
24. Informed Consent by Design
25. Social Approaches to End-User Privacy Management
26. Anonymity Loves Company: Usability and the Network Effect

Part 5: Commercializing Usability: The Vendor Perspective
27. ZoneAlarm: Creating Usable Security Products for Consumers
28. Firefox and the Worry-Free Web
29. Users and Trust: A Microsoft Case Study
30. IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications
31. Achieving Usable Security in Groove Virtual Office

Part 6: The Classics
32. Users Are Not the Enemy
33. Usability and Privacy: A Study of KaZaA P2P File Sharing
34. Why Johnny Can't Encrypt
