Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D

Simple and secured access to networked home appliances via internet using SSL, BioHashing and single Authentication Server

This thesis describes a web-based application that will enable users to access their networked home appliances over the Internet in an easy, secured, accessible and cost effective manner, using the user's iris image only for authentication. As Internet is increasingly gaining significance and popularity in our daily lives, various home networking technologies also started gaining importance from consumers, which helped in facilitating interoperability, sharing of services and exchange of information between different electronic devices at home. As a result, the demand to be able to access home appliances or security cameras over the Internet gradually grew. In this research, we propose an efficient, secured, low-cost and user-friendly method to access networked home appliances over the Internet, providing strong, well integrated, three levels of security to the whole application and user data. According to our design, the user's iris data after hashing (using BioHashing) is sent through a secure communication channel utilizing Secure Sockets Layer v-3.0. The deterministic feature sequence from the iris image is extracted using 1D log-Gabor filters and while performing BioHashing, the orthonormalization of the pseudorandom number is implemented employing Gram-Schmidt orthonormalization algorithm. In addition to this protected data transfer mechanism, we propose the design of an Authentication Server that can be shared among multiple homes, allowing numerous users to access their home appliances in a trouble-free and secured manner. It can also bring down the cost of commercial realization of this endeavor and increase its accessibility without compromising on system security. We demonstrate that the recognition efficiency of this system is computationally effective with equal error rate (EER) of 0% and 6.75% (average) in two separate conditions on CASIA 1 and CASIA 2 iris image datasets

Optimizing Proactive Measures for Security Operations

Digital security threats may impact governments, businesses, and consumers through intellectual property theft, loss of physical assets, economic damages, and loss of confidence. Significant effort has been placed on technology solutions that can mitigate threat exposure. Additionally, hundreds of years of literature have focused on non-digital, human-centric strategies that proactively allow organizations to assess threats and implement mitigation plans. For both human and technology-centric solutions, little to no prior research exists on the efficacy of how humans employ digital security defenses. Security professionals are armed with commonly adopted "best practices" but are generally unaware of the particular artifacts and conditions (e.g., organizational culture, procurement processes, employee training/education) that may or may not make a particular environment well-suited for employing the best practices. In this thesis, I study proactive measures for security operations and related human factors to identify generalizable optimizations that can be applied for measurable increases in security. Through interview and survey methods, I investigate the human and organizational factors that shape the adoption and employment of defensive strategies. Case studies with partnered organizations and comprehensive evaluations of security programs reveal security gaps that many professionals were previously unaware of --- as well as opportunities for changes in security behaviors to mitigate future risk. These studies highlight that, in exemplar environments, the adoption of proactive security assessments and training programs lead to measurable improvements in organizations' security posture

Using Workshops to Improve Security in Software Development Teams

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. Yet many, perhaps most, security problems can be prevented with careful design, construction and configuration of the software and systems involved, so software developers have a major contribution to make. This research investigated how to help teams of software developers achieve better security. An initial qualitative survey of 15 secure software development professionals highlighted a range of security assurance and motivation techniques suitable for teams of developers, and emphasised the human interaction aspects. A further quantitative survey of 330 successful Android developers then identified a baseline of current security practices in software development. Based on these surveys, the author created an intervention package to help software developers. Action Research techniques were used to trial and improve it in two one-year cycles with a total of 19 development teams in 11 different organisations. The later development of the package concentrated on empowering the developers involved, and reducing the involvement required from the researchers. By proving that a set of structured workshops can have an impact on the security performance of a team for a reasonable cost and without the support of security professionals, this research offers a powerful means to enhance development security in the UK, creating more secure software and systems for all users

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security