Security and Usability (Paperback)

Security and Usability (Paperback)

作者: Lorrie Faith Cranor Simson Garfinkel
出版社: O'Reilly
出版在: 2005-09-20
ISBN-13: 9780596008277
ISBN-10: 0596008279
裝訂格式: Paperback
總頁數: 740 頁





內容描述


Description:

Human factors and usability issues have
traditionally played a limited role in security research and secure systems
development. Security experts have largely ignored usability issues--both
because they often failed to recognize the importance of human factors and
because they lacked the expertise to address them.
But there is a growing recognition that today's
security problems can be solved only by addressing issues of usability and
human factors. Increasingly, well-publicized security breaches are attributed
to human errors that might have been prevented through more usable software.
Indeed, the world's future cyber-security depends upon the deployment of
security technology that can be broadly used by untrained computer
users.
Still, many people believe there is an inherent
tradeoff between computer security and usability. It's true that a computer
without passwords is usable, but not very secure. A computer that makes you
authenticate every five minutes with a password and a fresh drop of blood
might be very secure, but nobody would use it. Clearly, people need computers,
and if they can't use one that's secure, they'll use one that isn't.
Unfortunately, unsecured systems aren't usable for long, either. They get
hacked, compromised, and otherwise rendered useless.
There is increasing agreement that we need to
design secure systems that people can actually use, but less agreement about
how to reach this goal. Security & Usability is the first
book-length work describing the current state of the art in this emerging
field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson
Garfinkel, and authored by cutting-edge security and human-computer
interaction (HCI) researchers world-wide, this volume is expected to
become both a classic reference and an inspiration for future research.
Security & Usability groups 34
essays into six parts:

Realigning Usability and Security---with
careful attention to user-centered design principles, security and usability
can be synergistic.
Authentication Mechanisms-- techniques for
identifying and authenticating computer users.
Secure Systems--how system software can
deliver or destroy a secure user experience.
Privacy and Anonymity Systems--methods for
allowing people to control the release of personal information.
Commercializing Usability: The Vendor
Perspective--specific experiences of security and software vendors (e.g.,
IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.

The Classics--groundbreaking papers that
sparked the field of security and usability.

This book is expected to start an avalanche
of discussion, new ideas, and further advances in this important field.
 
 
Table of
Contents:

  1. Preface
    Part. Realigning Usability and
    Security
  2. Psychological Acceptability
    RevisitedMatt Bishop 1
  3. Usable SecurityM. Angela
    Sasse and Ivan Flechais 13
  4. Design for UsabilityBruce
    Tognazzini 29
  5. Usability Design and Evaluation for
    Privacy and Security SolutionsClare-Marie Karat, Carolyn Brodie, and
    John Karat 45
  6. Designing Systems That People Will
    TrustAndrew S. Patrick, Pamela Briggs, and Stephen Marsh
    71
    Part. Authentication
    Mechanisms
  7. Evaluating Authentication
    MechanismsKaren Renaud 97
  8. The Memorability and Security of
    PasswordsJeff Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant
    121
  9. Designing Authentication Systemswith
    Challenge QuestionsMike Just 135
  10. Graphical PasswordsFabian
    Monrose and Michael K. Reiter 147
  11. Usable BiometricsLynne
    Coventry 165
  12. Identifying Users from Their Typing
    PatternsAlen Peacock, Xian Ke, and Matt Wilkerson
    187
  13. The Usability of Security
    DevicesUgo Piazzalunga, Paolo Salvaneschi, and Paolo Coffetti
    209
    Part. Secure
    Systems
  14. Guidelines and Strategies for Secure
    Interaction DesignKa-Ping Yee 235
  15. Fighting Phishing at the User
    InterfaceRobert C. Miller and Min Wu 263
  16. Sanitization and
    UsabilitySimson Garfinkel 281
  17. Making the Impossible Easy: Usable
    PKIDirk Balfanz, Glenn Durfee, and D.K. Smetters 305
  18. Simple Desktop Security with
    ChameleonA. Chris Long and Courtney Moskowitz 321
  19. Security Administration Tools and
    PracticesEser Kandogan and Eben M. Haber 343
    Part. Privacy and Anonymity
    Systems
  20. Privacy Issues and Human-Computer
    InteractionMark S. Ackerman and Scott D. Mainwaring
    365
  21. A User-Centric Privacy Space
    FrameworkBenjamin Brunk 383
  22. Five Pitfalls in the Design for
    PrivacyScott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay
    403
  23. Privacy Policies and Privacy
    PreferencesLorrie Faith Cranor 429
  24. Privacy Analysis for the Casual User
    with BugnosisDavid Martin 455
  25. Informed Consent by
    DesignBatya Friedman, Peyina Lin, and Jessica K. Miller
    477
  26. Social Approaches to End-User
    Privacy ManagementJeremy Goecks and Elizabeth D. Mynatt
    505
  27. Anonymity Loves Company: Usability
    and the Network EffectRoger Dingledine and Nick Mathewson
    529
    Part. Commercializing Usability:
    The Ventor Perspective
  28. ZoneAlarm: Creating Usable Security
    Products for ConsumersJordy Berson 545
  29. Firefox and the Worry-Free
    WebBlake Ross 559
  30. Users and Trust: A Microsoft Case
    StudyChris Nodder 571
  31. IBM Lotus Notes/Domino: Embedding
    Security in Collaborative ApplicationsMary Ellen Zurko
    589
  32. Achieving Usable Security in Groove
    Virtual OfficeGeorge Moromisato, Paul Boyd, and Nimisha Asthagiri
    605
    Part. The
    Classics
  33. Users Are Not the EnemyAnne
    Adams and M. Angela Sasse 619
  34. Usability and Privacy:A Study of
    KaZaA P2P File SharingNathaniel S. Good and Aaron Krekelberg
    631
  35. Why Johnny Can't EncryptAlma
    Whitten and J. D. Tygar 649
    Index



相關書籍

Wireshark 網絡分析的藝術

作者 林沛滿

2005-09-20

Python滲透測試編程技術:方法與實踐(第2版)

作者 李華峰

2005-09-20

Professional Red Teaming: Conducting Successful Cybersecurity Engagements

作者 Jacob G. Oakley

2005-09-20