Appropriation and Principled Security
Secure systems have a reputation of being unusable and demanding on users, a situation attributed to a lack of usability and human factors expertise among security experts. We argue that the issue of unusable security might have deeper roots. Indeed, the design principles security relies on are out of touch with the reality of today's computing practices. In particular, the security principles of least privilege and fail-safe defaults strip human users of their ability to reconfigure systems and leave them stranded when facing interaction breakdowns. Security principles therefore prevent the reappropriation of the systems they mediate, both in unexpected practices and by unexpected users. We propose several leads to lessen the negative impact of those principles on secure systems.
"No Good Reason to Remove Features": Expert Users Value Useful Apps over Secure Ones
Application sandboxes are an essential security mechanism to contain malware, but are seldom used on desktops. To understand why this is the case, we interviewed 13 expert users about app appropriation decisions they made on their desktop computers. We collected 201 statements about app appropriation decisions. Our value-sensitive empirical analysis of the interviews revealed that (a) security played a very minor role in app appropriation; (b) users valued plugins that support their productivity; (c) users may abandon apps that remove a feature, especially when a feature was blocked for security reasons. Our expert desktop users valued a stable user experience and flexibility, and are unwilling to sacrifice those for better security. We conclude that sandboxing, as currently implemented, is unlikely to be voluntarily adopted, especially by expert users. For sandboxing to become a desirable security mechanism, sandboxes must first accommodate the plugins and features widely found in popular desktop apps.
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. 57 of these occur in drivers, which previous dynamic approaches were unable to detect without access to the corresponding hardware. We manually investigated the 90 occurrences, and inferred three typical scenarios in which double fetches occur. We discuss each of them in detail. We further developed a static analysis, based on the Coccinelle matching engine, that detects double-fetch situations which can cause kernel vulnerabilities. When applied to the Linux, FreeBSD, and Android kernels, our approach found six previously unknown double-fetch bugs, four of them in drivers, three of which are exploitable double-fetch vulnerabilities. All of the identified bugs and vulnerabilities have been confirmed and patched by maintainers. Our approach has been adopted by the Coccinelle team and is currently being integrated into the Linux kernel patch vetting. Based on our study, we also provide practical solutions for anticipating double-fetch bugs and vulnerabilities. We also provide a solution to automatically patch detected double-fetch bugs.
From Paternalistic to User-Centred Security: Putting Users First with Value-Sensitive Design
Usable security research to date has focused on making users more secure, by identifying and addressing usability issues that lead users to make mistakes, or by persuading users to pay attention to security and make secure choices. However, security goals were set by security experts, who were unaware that users often have other priorities and value security differently. In this paper, we present examples of circumventions and non-adoption of secure systems designed under this paternalistic mindset. We argue that security experts need to identify user values and deliver on them. To do that, we need a methodological framework that can conceptualise values and identify those that impact user engagement with security. We show that (a) engagement with, and adherence to, security are mediated by user values, and that (b) it is necessary to model those values to understand the nature of security's failures and to design viable alternatives.