Security & Usability
Charles Frank
Convenience is the Antithesis to Security
- Computer systems must employ mechanisms that are difficult to use!
Complex Mechanisms
- Hard to configure
- Hard to implement correctly
- This weakens security
Principle of Psychological Acceptability
"It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanism correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanism he must use, mistakes will be minimized. If he must translate his image of his protection into a radically different specification language, he will make errors."
– Jerome Saltzer & Michael Schroeder (1975)
Home Users
- No anti-virus
- No firewall
- Run as administrator
- No password
- Wireless access point without a password, or with the vendor default password, and without encryption
- Why?
  – Principle of Psychological Acceptability
Patching
- Update functionality or enhance security
- Patches can interfere with programs running on a system
- XP SP2
  – IIS & FTP clients & servers did not work correctly
  – Games did not work correctly
- Principle of Psychological Acceptability

Principle of Psychological Acceptability
- Complex configurations lead to errors, and the less computer-savvy the users are, the worse the security problems will be.
- "How can one create mechanisms that are easy to install, provide the protection mechanism necessary, and are unobtrusive to use, for people ranging from novice home computer users to system administrators?" – an open question
Humans & Security
- Are usability and security competing goals?
- Humans are the weakest link in the security chain.
- Security systems are social as well as technical.
- Security mechanisms require extra work.
- Humans find shortcuts and workarounds.
Humans & Security
- Users will find ways to evade security demands that are considered unreasonable or burdensome.
- Build systems that are safe and usable.
Usability & Security
- Security experts may reject proposals for improving usability because they might help an attacker.
  – Require passwords to be changed frequently.
  – Users write them down or put a number at the end.
- Security designers should minimize the mental workload that a system creates for users.
Socially Acceptable Security
- Require users to lock their screens when they leave their desks.
  – Their office mates might think that the user does not trust them.
- People who follow security policies to the letter might be considered "paranoid" or "anal" by their peers.
- Psychological acceptability
User-Centered Security Design
- Security is a supporting task. Security must be designed to support production tasks.
- Bring together stakeholders to carry out risk analysis and to consider the practical implications of proposed security mechanisms in the context of use.
User Education
- Senior management sometimes exhibit bad security behavior. They are too important to be bothered with "petty" security policies.
- Organizations must integrate security into their business processes for users to care about protecting assets and exhibiting good security behavior.
References
- Security and Usability: Designing Secure Systems That People Can Use, ed. Lorrie Faith Cranor & Simson Garfinkel, O'Reilly
- Matt Bishop, "Psychological Acceptability Revisited"
- M. Angela Sasse & Ivan Flechais, "Usable Security"
- Bruce Tognazzini, "Design for Usability"