SlideShare a Scribd company logo

Lorrie Cranor - Usable Privacy & Security

Download as PPTX, PDF
Amy Lenzo, profile picture
Amy Lenzo

1) Usable privacy and security research bridges the fields of privacy/security and usability/HCI by considering both human and technical factors. It views humans as both users and potential adversaries. 2) When examining areas like passwords and access control, considering usability and security together is important because efforts to increase one can undermine the other if not designed carefully. 3) Making secure systems usable involves principles like invisible security, understandability through visibility and intuitive design, and training users. The fields must be studied together to develop solutions that achieve both security and usability.

1 of 6
Downloaded 13 times
1
2
3
4
5
6
Usable Privacy and Security Engineering & Public Policy Lorrie Faith Cranor 1
Usable privacy and security research bridges privacy/security and usability/HCI Usable Privacy& Security/Privacy Usability/HCI Security Humans are a secondary Humans are the primary Human factors and constraint to constraint, security are both primary security/privacy security/privacy rarely constraints constraints considered Humans considered Concerned about human Concerned about both primarily in their role as error but not human normal users and adversaries/attackers attackers adversaries Involves threat models Involves task models, Involves threat models mental models, cognitive AND task models, models mental models, etc. Focus on security Focus on usability Considers usability and metrics metrics security metrics together User studies rarely done User studies common User studies common, often involve deception + 2 active adversary
User-selected graphical passwords Usable Privacy& Security/Privacy Usability/HCI Security What is the space of Howdifficult is it for a All the security/privacy possible passwords? user to create, and usability HCI remember, and enter a questions How can we make the graphical password? password space larger to How long does it take? How do usersselect make the password graphical passwords? harder to guess? How hard is it for users How can we help them to learn the system? choose passwords How are the stored harder for attackers to passwords secured? Are users motivated to predict? put in effort to create Can an attacker gain good passwords? As the password space knowledge by observing increases, what are the a user entering her Is the system accessible impacts on usability password? using a variety of factors and predictability devices, for users with of human selection?
How can we make secure systems more usable? • Make it “just work” – Invisible security – Automation • Make security/privacy understandable – Make it visible – Make it intuitive – Use metaphors that users can relate to – Human-centered design • Train the user 4
Better together • Examining security/privacy and usability together is often critical for achieving either • Examples – Passwords • Users cope with some measures to increase password security by behaving in predictable ways • Some efforts to make passwords easier also make it much easier for an attacker to guess a password – Access control • The way access control settings are visualized in a user interface and the underlying semantics of how rule conflicts are resolved both contribute to users’ ability to configure the system to accurately enforce the desired policy – Privacy tools • Users who misunderstand how to use privacy tools don’t configure them properly • Some simple privacy tools don’t provide much protection 5
References • S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman.Ofpasswords and people: Measuring the effect of password-composition policies.CHI 2011. • R.W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea. More than skin deep: Measuring effects of the underlying model on access-control system usability. CHI 2011. • P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012. See also related papers listed at http://cups.cs.cmu.edu/ 6

More Related Content

PPTX
Peter Muhlberger - SaTC Cyber Cafe
Amy Lenzo
 
PPTX
VCU INFO 644 Critical Thinking 1
tgbrunet
 
PPTX
Introduction to ethics
Saqib Raza
 
PDF
Resiliency-Part One -11-3-2015
Dr Robert D. Childs
 
DOCX
Lab 1
novelinbabate2
 
PDF
Computer ethics
shashi kiran
 
PPTX
An ABC of cyberethics
Yamith José Fandiño Parra
 
PPTX
Social & professional issues in IT
Rohana K Amarakoon
 
Peter Muhlberger - SaTC Cyber Cafe
Amy Lenzo
 
VCU INFO 644 Critical Thinking 1
tgbrunet
 
Introduction to ethics
Saqib Raza
 
Resiliency-Part One -11-3-2015
Dr Robert D. Childs
 
Lab 1
novelinbabate2
 
Computer ethics
shashi kiran
 
An ABC of cyberethics
Yamith José Fandiño Parra
 
Social & professional issues in IT
Rohana K Amarakoon
 

What's hot (20)

DOCX
Chap2 lab1
Elma Valdehueza
 
PPTX
Cyber Security for Teenagers/Students
rainrjcahili
 
PPT
Alloy Cybersecurity
Mark Stockman
 
PPTX
IT Ethics
Keith Putnam
 
DOC
Computer Forensics Specialist Lab 1 From Word Chapter 2
guest4ea1460
 
PPT
Computer ethics
Benjamin Sangalang
 
PPT
Cybercrime: Understanding the Offender, Victim and Managers
Michigan State University Research
 
PPTX
Computer ethics & copyright
Vehitaltinci
 
PPTX
Computer ethics
SKS
 
PPTX
Social and Professional Issues in Computing - Ethics
Dyuti Islam
 
PDF
Comparative review dele
yoboy7
 
DOCX
Maranan chap.2 lab 1
maranan_zyra
 
PPTX
Ethical and legal issues
Nickardo Salmon
 
DOCX
Mary hankins fernando br ua
Jennifer Cataluña
 
DOCX
Cataluña mary hapkins
Jennifer Cataluña
 
DOCX
Brua computer forensics specialist
fernando_bruaj
 
PPT
Ethics in IT and System Usage
tushki92
 
PPTX
3.0 computer ethic
fauzihayob
 
PPT
Computer Ethics
Kodok Ngorex
 
PDF
Hacking the Helpdesk, Craig Clark
Service Desk Institute
 
Chap2 lab1
Elma Valdehueza
 
Cyber Security for Teenagers/Students
rainrjcahili
 
Alloy Cybersecurity
Mark Stockman
 
IT Ethics
Keith Putnam
 
Computer Forensics Specialist Lab 1 From Word Chapter 2
guest4ea1460
 
Computer ethics
Benjamin Sangalang
 
Cybercrime: Understanding the Offender, Victim and Managers
Michigan State University Research
 
Computer ethics & copyright
Vehitaltinci
 
Computer ethics
SKS
 
Social and Professional Issues in Computing - Ethics
Dyuti Islam
 
Comparative review dele
yoboy7
 
Maranan chap.2 lab 1
maranan_zyra
 
Ethical and legal issues
Nickardo Salmon
 
Mary hankins fernando br ua
Jennifer Cataluña
 
Cataluña mary hapkins
Jennifer Cataluña
 
Brua computer forensics specialist
fernando_bruaj
 
Ethics in IT and System Usage
tushki92
 
3.0 computer ethic
fauzihayob
 
Computer Ethics
Kodok Ngorex
 
Hacking the Helpdesk, Craig Clark
Service Desk Institute
 
Ad

Viewers also liked (10)

PPTX
Stefan Savage Cyber Cafe
Amy Lenzo
 
PPTX
Dan Boneh - SaTC Cyber Cafe
Amy Lenzo
 
PPTX
SaTC Cyber Cafe Jeremy Epstein
Amy Lenzo
 
PPTX
Asal and Rethemeyer - Cyber Cafe
Amy Lenzo
 
PPTX
Workshop: Gathering User Insight
Darren Kall
 
PPTX
Usable security it isn't secure if people can't use it mwux 2 jun2012
Darren Kall
 
PDF
(Un)usable Security
Stefan
 
PDF
Usable security
Rachel Ilan Simpson
 
PPT
Introduction To Ethical Hacking
chakrekevin
 
PDF
Cloud Security & Real World Threats
Rob Witoff
 
Stefan Savage Cyber Cafe
Amy Lenzo
 
Dan Boneh - SaTC Cyber Cafe
Amy Lenzo
 
SaTC Cyber Cafe Jeremy Epstein
Amy Lenzo
 
Asal and Rethemeyer - Cyber Cafe
Amy Lenzo
 
Workshop: Gathering User Insight
Darren Kall
 
Usable security it isn't secure if people can't use it mwux 2 jun2012
Darren Kall
 
(Un)usable Security
Stefan
 
Usable security
Rachel Ilan Simpson
 
Introduction To Ethical Hacking
chakrekevin
 
Cloud Security & Real World Threats
Rob Witoff
 
Ad

Similar to Lorrie Cranor - Usable Privacy & Security (20)

PPSX
Usable Security: When Security Meets Usability
Shujun Li
 
PDF
Human Factors in Cyber Security: User authentication as a use case
Shujun Li
 
PPTX
Human_Factors_KA_webinar_-_slides.pptx
Muddasarahmed5
 
PDF
Security And Usability Designing Secure Systems That People Can Use Lorrie Fa...
timeogeury
 
PDF
Ce36484489
IJERA Editor
 
PDF
Designing for Usable Security and Privacy
Cori Faklaris
 
PPTX
Human/User-Centric Security
Shujun Li
 
PPTX
3d password ppt
manisha0902
 
PPTX
Access Control authentication and authorization .pptx
birhanugirmay559
 
PDF
Accessible Privacy and Security
Pavithren V S Pakianathan
 
PPT
Introduction To Usability
Ovidiu Von M
 
PDF
Designing Login Interfaces for Mobiles
Rohit Ashok Khot
 
PPT
Chapter1
meltem7798
 
PPTX
Human computer interaction 3 4(revised)
emaan waseem
 
PPT
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
PDF
Human Error in Cyber Security
Antti Ollila
 
PDF
SEMINAR REPORT ON 3D PASSWORD
Karishma Khan
 
PPTX
05-Authentication.pptx Software Security
RahmathMohammed4
 
DOCX
PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
Kamal Spring
 
PDF
Secure Arcade: A Gamified Defense Against Cyber Attacks
IJCSITJournal2
 
Usable Security: When Security Meets Usability
Shujun Li
 
Human Factors in Cyber Security: User authentication as a use case
Shujun Li
 
Human_Factors_KA_webinar_-_slides.pptx
Muddasarahmed5
 
Security And Usability Designing Secure Systems That People Can Use Lorrie Fa...
timeogeury
 
Ce36484489
IJERA Editor
 
Designing for Usable Security and Privacy
Cori Faklaris
 
Human/User-Centric Security
Shujun Li
 
3d password ppt
manisha0902
 
Access Control authentication and authorization .pptx
birhanugirmay559
 
Accessible Privacy and Security
Pavithren V S Pakianathan
 
Introduction To Usability
Ovidiu Von M
 
Designing Login Interfaces for Mobiles
Rohit Ashok Khot
 
Chapter1
meltem7798
 
Human computer interaction 3 4(revised)
emaan waseem
 
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
Human Error in Cyber Security
Antti Ollila
 
SEMINAR REPORT ON 3D PASSWORD
Karishma Khan
 
05-Authentication.pptx Software Security
RahmathMohammed4
 
PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
Kamal Spring
 
Secure Arcade: A Gamified Defense Against Cyber Attacks
IJCSITJournal2
 

More from Amy Lenzo (9)

PDF
Graphics session 6
Amy Lenzo
 
PDF
Visual Capture: Reflecting Collective Intelligence
Amy Lenzo
 
PPT
Transforming Social Fields
Amy Lenzo
 
PPT
Wisdom emerging
Amy Lenzo
 
PPT
Level 1 Learnign Program- SlideShow2
Amy Lenzo
 
PPTX
Participant list
Amy Lenzo
 
PPT
Level One Online - SlideShow1
Amy Lenzo
 
PPS
Just Water
Amy Lenzo
 
PPT
The World Café Conversation
Amy Lenzo
 
Graphics session 6
Amy Lenzo
 
Visual Capture: Reflecting Collective Intelligence
Amy Lenzo
 
Transforming Social Fields
Amy Lenzo
 
Wisdom emerging
Amy Lenzo
 
Level 1 Learnign Program- SlideShow2
Amy Lenzo
 
Participant list
Amy Lenzo
 
Level One Online - SlideShow1
Amy Lenzo
 
Just Water
Amy Lenzo
 
The World Café Conversation
Amy Lenzo
 

Lorrie Cranor - Usable Privacy & Security

  • 1. Usable Privacy and Security Engineering & Public Policy Lorrie Faith Cranor 1
  • 2. Usable privacy and security research bridges privacy/security and usability/HCI Usable Privacy& Security/Privacy Usability/HCI Security Humans are a secondary Humans are the primary Human factors and constraint to constraint, security are both primary security/privacy security/privacy rarely constraints constraints considered Humans considered Concerned about human Concerned about both primarily in their role as error but not human normal users and adversaries/attackers attackers adversaries Involves threat models Involves task models, Involves threat models mental models, cognitive AND task models, models mental models, etc. Focus on security Focus on usability Considers usability and metrics metrics security metrics together User studies rarely done User studies common User studies common, often involve deception + 2 active adversary
  • 3. User-selected graphical passwords Usable Privacy& Security/Privacy Usability/HCI Security What is the space of Howdifficult is it for a All the security/privacy possible passwords? user to create, and usability HCI remember, and enter a questions How can we make the graphical password? password space larger to How long does it take? How do usersselect make the password graphical passwords? harder to guess? How hard is it for users How can we help them to learn the system? choose passwords How are the stored harder for attackers to passwords secured? Are users motivated to predict? put in effort to create Can an attacker gain good passwords? As the password space knowledge by observing increases, what are the a user entering her Is the system accessible impacts on usability password? using a variety of factors and predictability devices, for users with of human selection?
  • 4. How can we make secure systems more usable? • Make it “just work” – Invisible security – Automation • Make security/privacy understandable – Make it visible – Make it intuitive – Use metaphors that users can relate to – Human-centered design • Train the user 4
  • 5. Better together • Examining security/privacy and usability together is often critical for achieving either • Examples – Passwords • Users cope with some measures to increase password security by behaving in predictable ways • Some efforts to make passwords easier also make it much easier for an attacker to guess a password – Access control • The way access control settings are visualized in a user interface and the underlying semantics of how rule conflicts are resolved both contribute to users’ ability to configure the system to accurately enforce the desired policy – Privacy tools • Users who misunderstand how to use privacy tools don’t configure them properly • Some simple privacy tools don’t provide much protection 5
  • 6. References • S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman.Ofpasswords and people: Measuring the effect of password-composition policies.CHI 2011. • R.W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea. More than skin deep: Measuring effects of the underlying model on access-control system usability. CHI 2011. • P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012. See also related papers listed at http://cups.cs.cmu.edu/ 6