This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals and their ability, rather than principles and engineering. However, the wide variety of different skills necessary to design secure and usable systems is unlikely to be mastered by many individuals, requiring an unlikely combination of insight and education. Psychology, economics and cryptography have very little in common, and yet all have a role to play in the field of usable security. To address these concerns, three proposals are presented here: to adopt a principled design framework for usable security and privacy, to support a research environment where skills and knowledge can be pooled and shared, and to guide and inform the principles that underpin the educational curriculum of future security engineers and researchers

Faily, Shamal

English

Fl�chais, Ivan

Open Access Institutional Repository at Robert Gordon University

FLÉCHAIS, I. and FAILY, S. 2010. Security and usability: searching for the philosopher's stone. Presented at the Workshop on the development of EuroSOUPS, 24 November 2010, Newcastle, UK. Hosted on CoCoLab.org [online]. Available from: https://www.cocolab.org/soups/eurosoups     This document was downloaded from https://openair.rgu.ac.uk Security and usability: searching for the philosopher's stone. FLÉCHAIS, I. and FAILY, S. 2010 Security and Usability: Searching for the philosopher’sstoneIvan FléchaisOxford University Computing LaboratoryParks Road, OX1 3QD, UKivan.flechais@comlab.ox.ac.ukShamal FailyOxford University Computing LaboratoryParks Road, OX1 3QD, UKshamal.faiiy@comlab.ox.ac.uk(...) might there exist a remarkableanalogy between this usable and secure sys-tem and the ancient alchemists’ philoso-pher’s stone?— Auguste Kerckhoffs La Cryptographie Mil-itaire 1883ABSTRACTThis paper describes the unique challenges facing usable se-curity research and design, and introduces three proposalsfor addressing these. For all intents and purposes securitydesign is currently a craft, where quality is dependent onindividuals and their ability, rather than principles and en-gineering. However, the wide variety of different skills nec-essary to design secure and usable systems is unlikely to bemastered by many individuals, requiring an unlikely combi-nation of insight and education. Psychology, economics andcryptography have very little in common, and yet all have arole to play in the field of usable security. To address theseconcerns, three proposals are presented here: to adopt aprincipled design framework for usable security and privacy,to support a research environment where skills and knowl-edge can be pooled and shared, and to guide and informthe principles that underpin the educational curriculum offuture security engineers and researchers.1. INTRODUCTIONThe quest for secure and usable systems is neither new norcomplete. Even in 1883, Auguste Kerckhoffs was lamentingthe failures of the french army to employ a usable and se-cure cryptographic system [12]. While this treatise is knownfor expressing one of the most famous cryptographic prin-ciples – that a cryptographic algorithm should not dependon secrecy for its strength – the sixth principle also states:Finally, it is necessary, given the circumstances that com-mand its application, that the (crypto)system be simple touse, requiring neither mental strain, nor the knowledge of along series of rules to observe.The world has now moved on. Issues of security and us-ability are no longer the province of military cryptographersbut of software developers, system administrators, and theCopyright is held by the author/owner. Permission to make digital or hardcopies of all or part of this work for personal or classroom use is grantedwithout fee..user community. Nevertheless, progress in usable securityresearch and design has been slow, due in part to the needto master a large amount of (usually) mutually exclusive,yet necessary, skills and knowledge. To quote from RossAnderson, “the security engineer needs to understand basiceconomics as well as the basics of crypto, protocols, accesscontrols, and psychology” [1]. Addressing this fundamen-tal dilemma is necessary if the field of usable privacy andsecurity is to deliver on its promises.The following sections describe three proposals for thefield of usable security and privacy, aimed at fostering asound design, research and educational foundation.2. ADOPT A DESIGN APPROACHRelying on individuals to master the many different fieldsof knowledge necessary for usable security and privacy re-search is not an option when practitioners need to buildsystems. Design frameworks are the only means wherebydifferent skills can be utilised and harmonised for the com-mon purpose of building a usable secure system.EuroSOUPS could solicit and provide a venue for researchin usable security design, and encourage existing work toformulate and discuss human-centered security engineeringprinciples and practices.3. SUPPORTAN INTERDISCIPLINARYRESEARCH ENVIRONMENTUsable security and privacy is a multidisciplinary prob-lem, and supporting a research environment where thesedisciplines can come together and inform one another is notonly desirable but necessary. Like SOUPS, EuroSOUPS cancontribute to this research environment by both providinga venue for disseminating research findings and forging newconnections between researchers and industry that last be-yond an annual event.We believe EuroSOUPS can play a significant role in thecreation of a network of excellence for researchers and com-panies interested in the field of secure usability and privacy.The purpose behind this network would be to facilitate thesharing of knowledge, to identify areas of expertise and to en-courage collaboration in the pursuit of new research. Somepractical ideas for establishing this network could include:• the creation of a social network of interested parties,• a centrally accessible and persistent resource for re-search knowledge (including experimental designs, re-search methodologies, questionnaires, lists of individu-als/institutions with specific expertise in relevant tech-niques or tools, sources of research funding, the meansfor groups looking to collaborate on new research projectsto identify and approach other partners, etc.),• an annual meeting at a EuroSOUPS conference to keepthe momentum going and provide an approachablevenue for people who might be interested in joining.4. ENGAGE WITH SECURITY EDUCATIONThere are two aspects to engaging with security education:the first consists of providing useful educational material,perhaps in the form of podcasts or tutorials; the secondaims at informing, engaging and shaping different securityeducational curricula.• The creation of useful educational material is impor-tant to further the cause of usable privacy and security.Disseminating usable security and privacy know-how ispredicated on this. Running tutorials or seminars atEuroSOUPS is one means of doing so; another pro-posal would be to run a DesignFest for usable secu-rity and privacy—an activity whereby attendees wouldsharpen their design skills by working on real usablesecurity problems with other participants with differ-ent backgrounds and expertise. This type of approachhas proven effective and engaging at other venues suchas OOPSLA, and provides attendees with a differentkind of learning experience.• Engaging with existing educational curricula requires aclear understanding of the necessary knowledge, skillsand techniques that underpin usable security and pri-vacy. Further research is needed to ascertain whatthese are, and how to best integrate these into thewider security arena, and EuroSOUPS would be anideal venue for this.5. CONCLUSIONSEuroSOUPS presents a new opportunity to shape the fieldof research in usable security and privacy in order to addresscurrent weaknesses. By channelling efforts towards support-ing engineering approaches, multidisciplinary research andsecurity education, EuroSOUPS could become a significantEuropean and International forum for furthering the scienceof usable privacy and security.6. RESEARCH BACKGROUNDIvan Fléchais has been researching the problem of howto develop secure and usable systems since 2001. His PhDthesis, supervised by Prof. Angela Sasse and entitled “De-signing Secure and Usable Systems” [6], describes AEGIS :the first engineering process aimed at supporting developersin creating usable secure systems [7]. Since then, his researchhas focussed on exploring how to further bring usability andsecurity into the software engineering process, work that hasmost recently been in collaboration with Shamal Faily. Inconjunction with another of his doctoral students, RonaldKainda, his research into secure mobile device pairing hasinvestigated the security and usability of different pairingmethods, and proposed novel ones [8, 10, 9, 11].Shamal Faily is a doctoral student at the Oxford Uni-versity Computing Laboratory. Shamal’s research involvesunderstanding how existing techniques and tools can be in-tegrated to support the design of usable and secure system.This research has resulted in IRIS : a design framework forspecifying usable and secure systems [2], the CAIRIS toolfor supporting this framework [5], and the adaptation ofPersonas to secure systems design [3, 4]. Prior to start-ing his doctoral research, Shamal spent nearly 10 years as asoftware engineer at Logica.7. REFERENCES[1] R. Anderson. Security engineering: a guide to buildingdependable distributed systems. Wiley, Indianapolis,IN, 2nd ed edition, 2008.[2] S. Faily and I. Fléchais. A Meta-Model for UsableSecure Requirements Engineering. In SoftwareEngineering for Secure Systems, 2010. SESS ’10.ICSE Workshop on, pages 126–135. IEEE ComputerSociety Press, May 2010.[3] S. Faily and I. Fléchais. Barry is not the weakest link:Eliciting Secure System Requirements with Personas.In BCS HCI ’10: Proceedings of the 2010 BritishComputer Society Conference on Human-ComputerInteraction, 2010.[4] S. Faily and I. Fléchais. The secret lives ofassumptions: Developing and refining assumptionpersonas for secure system design. In HCSE’2010:Proceedings of the 3rd Conference on Human-CenteredSoftware Engineering, pages 111–118. Springer, 2010.[5] S. Faily and I. Fléchais. Towards tool-support forUsable Secure Requirements Engineering withCAIRIS. International Journal of Secure SoftwareEngineering, 1(3):57–71, 2010.[6] I. Fléchais. Designing Secure and Usable Systems.PhD thesis, University College London, 2005.[7] I. Fléchais, M. A. Sasse, and S. M. V. Hailes. Bringingsecurity home: a process for developing secure andusable systems. In NSPW ’03: Proceedings of the 2003workshop on New security paradigms, pages 49–57,New York, NY, USA, 2003. ACM.[8] R. Kainda, I. Fléchais, and A. Roscoe. Usability andsecurity of out-of-band channels in secure devicepairing protocols. In SOUPS ’09: Proceedings of the5th Symposium on Usable Privacy and Security, July2009.[9] R. Kainda, I. Fléchais, and A. Roscoe. Secure andUsable Out-Of-Band Channels for Ad hoc MobileDevice Interactions, chapter Secure and UsableOut-Of-Band Channels for Ad hoc Mobile DeviceInteractions. 2010.[10] R. Kainda, I. Fléchais, and A. Roscoe. Security andusability: Analysis and evaluation. In Availability,Reliability and Security, 2010. ARES 10. FifthInternational Conference on, 2010.[11] R. Kainda, I. Fléchais, and A. W. Roscoe. Two headsare better than one: Security and usability of deviceassociations in group scenarios. In Proceedings of the2010 Symposium on Usable Privacy and Security(SOUPS 2010), 2010.[12] A. Kerckhoffs. La cryptographie militaire. Journal desSciences Militaires, pages 5–38, 1883.

Security and usability: searching for the philosopher's stone.

https://rgu-repository.worktribe.com/preview/1545172/FL%C3%89CHAIS%202010%20Security%20and%20usability.pdf

Security and usability: searching for the philosopher's stone.

Abstract

Similar works

Full text

Available Versions

Open Access Institutional Repository at Robert Gordon University