Security and Usability (Paperback)

Lorrie Faith Cranor, Simson Garfinkel

  • 出版商: O'Reilly
  • 出版日期: 2005-10-04
  • 定價: $1,575
  • 售價: 2.5$399
  • 語言: 英文
  • 頁數: 740
  • 裝訂: Paperback
  • ISBN: 0596008279
  • ISBN-13: 9780596008277
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述


Description:

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer
interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms-- techniques for identifying and authenticating computer users.
  • Secure Systems--how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,
    IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics--groundbreaking papers that sparked the field of security and usability.


This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

 

 

Table of Contents:

1. Preface

Part. Realigning Usability and Security

1. Psychological Acceptability Revisited
Matt Bishop 1

2. Usable Security
M. Angela Sasse and Ivan Flechais 13

3. Design for Usability
Bruce Tognazzini 29

4. Usability Design and Evaluation for Privacy and Security Solutions
Clare-Marie Karat, Carolyn Brodie, and John Karat 45

5. Designing Systems That People Will Trust
Andrew S. Patrick, Pamela Briggs, and Stephen Marsh 71

Part. Authentication Mechanisms

6. Evaluating Authentication Mechanisms
Karen Renaud 97

7. The Memorability and Security of Passwords
Jeff Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant 121

8. Designing Authentication Systemswith Challenge Questions
Mike Just 135

9. Graphical Passwords
Fabian Monrose and Michael K. Reiter 147

10. Usable Biometrics
Lynne Coventry 165

11. Identifying Users from Their Typing Patterns
Alen Peacock, Xian Ke, and Matt Wilkerson 187

12. The Usability of Security Devices
Ugo Piazzalunga, Paolo Salvaneschi, and Paolo Coffetti 209

Part. Secure Systems

13. Guidelines and Strategies for Secure Interaction Design
Ka-Ping Yee 235

14. Fighting Phishing at the User Interface
Robert C. Miller and Min Wu 263

15. Sanitization and Usability
Simson Garfinkel 281

16. Making the Impossible Easy: Usable PKI
Dirk Balfanz, Glenn Durfee, and D.K. Smetters 305

17. Simple Desktop Security with Chameleon
A. Chris Long and Courtney Moskowitz 321

18. Security Administration Tools and Practices
Eser Kandogan and Eben M. Haber 343

Part. Privacy and Anonymity Systems

19. Privacy Issues and Human-Computer Interaction
Mark S. Ackerman and Scott D. Mainwaring 365

20. A User-Centric Privacy Space Framework
Benjamin Brunk 383

21. Five Pitfalls in the Design for Privacy
Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay 403

22. Privacy Policies and Privacy Preferences
Lorrie Faith Cranor 429

23. Privacy Analysis for the Casual User with Bugnosis
David Martin 455

24. Informed Consent by Design
Batya Friedman, Peyina Lin, and Jessica K. Miller 477

25. Social Approaches to End-User Privacy Management
Jeremy Goecks and Elizabeth D. Mynatt 505

26. Anonymity Loves Company: Usability and the Network Effect
Roger Dingledine and Nick Mathewson 529

Part. Commercializing Usability: The Ventor Perspective

27. ZoneAlarm: Creating Usable Security Products for Consumers
Jordy Berson 545

28. Firefox and the Worry-Free Web
Blake Ross 559

29. Users and Trust: A Microsoft Case Study
Chris Nodder 571

30. IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications
Mary Ellen Zurko 589

31. Achieving Usable Security in Groove Virtual Office
George Moromisato, Paul Boyd, and Nimisha Asthagiri 605

Part. The Classics

32. Users Are Not the Enemy
Anne Adams and M. Angela Sasse 619

33. Usability and Privacy:A Study of KaZaA P2P File Sharing
Nathaniel S. Good and Aaron Krekelberg 631

34. Why Johnny Can't Encrypt
Alma Whitten and J. D. Tygar 649

Index

商品描述(中文翻譯)

描述:
人因素和可用性問題在安全研究和安全系統開發中一直扮演著有限的角色。安全專家往往忽視了可用性問題,既因為他們往往未能認識到人因素的重要性,也因為他們缺乏解決這些問題的專業知識。然而,越來越多人認識到,只有解決可用性和人因素問題,才能解決當今的安全問題。越來越多廣為人知的安全漏洞都歸因於可能通過更易用的軟件來防止的人為錯誤。事實上,世界未來的網絡安全取決於能夠被未經訓練的計算機用戶廣泛使用的安全技術的部署。

然而,許多人認為計算機安全和可用性之間存在固有的權衡。沒有密碼的計算機可用,但不太安全。每五分鐘需要密碼和新鮮的血滴來驗證身份的計算機可能非常安全,但沒有人會使用它。顯然,人們需要計算機,如果他們不能使用安全的計算機,他們會使用不安全的計算機。不幸的是,不安全的系統也無法長時間使用。它們會被黑客攻擊、破壞,或者變得無用。

越來越多人認識到,我們需要設計人們實際可以使用的安全系統,但對於如何實現這一目標,人們的意見不一致。《安全與可用性》是第一本描述這一新興領域現狀的專著。由安全專家Lorrie Faith Cranor博士和Simson Garfinkel博士編輯,並由全球領先的安全和人機交互(HCI)研究人員撰寫,這本書預計將成為經典參考資料和未來研究的靈感來源。

《安全與可用性》將34篇文章分為六個部分:
1. 重新調整可用性和安全性-著重於以用戶為中心的設計原則,安全性和可用性可以相輔相成。
2. 身份驗證機制-用於識別和驗證計算機用戶的技術。
3. 安全系統-系統軟件如何提供或破壞安全的用戶體驗。
4. 隱私和匿名系統-允許人們控制個人信息的發布的方法。
5. 商業化可用性:供應商的觀點-安全和軟件供應商(例如IBM、Microsoft、Lotus、Firefox和Zone Labs)在解決可用性方面的具體經驗。
6. 經典論文-引發安全和可用性領域的開創性論文。

這本書預計將引發討論、新思路和進一步在這一重要領域的發展。

目錄:
1. 前言
2. 重新調整可用性和安全性
3. 身份驗證機制
4. 安全系統
5. 隱私和匿名系統
6. 商業化可用性:供應商的觀點
7. 經典論文