Guidelines and Strategies for Secure Interaction Design
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Human Factors and Usability Issues Have Traditionally Played a Limited Role in Security Research and Secure Systems Development
Security and Usability By Lorrie Faith Cranor, Simson Garfinkel ............................................... Publisher: O'Reilly Pub Date: August 2005 ISBN: 0-596-00827-9 Pages: 738 Table of Contents | Index Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. -
Robust Composition: Towards a Unified Approach To
Robust Composition: Towards a Uni¯ed Approach to Access Control and Concurrency Control by Mark Samuel Miller A dissertation submitted to Johns Hopkins University in conformity with the requirements for the degree of Doctor of Philosophy. Baltimore, Maryland May, 2006 Copyright °c 2006, Mark Samuel Miller. All rights reserved. Permission is hereby granted to make and distribute verbatim copies of this document without royalty or fee. Permission is granted to quote excerpts from this documented provided the original source is properly cited. ii Abstract When separately written programs are composed so that they may cooperate, they may instead destructively interfere in unanticipated ways. These hazards limit the scale and functionality of the software systems we can successfully compose. This dissertation presents a framework for enabling those interactions between components needed for the cooperation we intend, while minimizing the hazards of destructive interference. Great progress on the composition problem has been made within the object paradigm, chiefly in the context of sequential, single-machine programming among benign components. We show how to extend this success to support robust composi- tion of concurrent and potentially malicious components distributed over potentially malicious machines. We present E, a distributed, persistent, secure programming language, and CapDesk, a virus-safe desktop built in E, as embodiments of the tech- niques we explain. Advisor: Jonathan S. Shapiro, Ph.D. Readers: Scott Smith, Ph.D., Yair Amir, Ph.D. iii iv This dissertation is dedicated to the number \3469" and the letter \E". v vi Acknowledgements Jonathan Shapiro, my advisor, for encouraging me to continue this work in an aca- demic setting, and for providing insight, encouragement, and support way beyond the call of any duty. -
Tahoe-LAFS Documentation Release 1.X
Tahoe-LAFS Documentation Release 1.x The Tahoe-LAFS Developers Sep 22, 2021 Contents 1 Welcome to Tahoe-LAFS! 3 1.1 What is Tahoe-LAFS?..........................................3 1.2 What is “provider-independent security”?................................3 1.3 Access Control..............................................4 1.4 Get Started................................................4 1.5 License..................................................5 2 Installing Tahoe-LAFS 7 2.1 Microsoft Windows...........................................7 2.2 Linux, BSD, or MacOS.........................................8 3 Building Tahoe-LAFS on Windows9 4 Building Tahoe-LAFS on Linux 11 4.1 Prerequisites............................................... 11 4.2 Install the Latest Tahoe-LAFS Release................................. 12 5 Building Tahoe-LAFS On A Desert Island 13 5.1 How This Works............................................. 14 6 How To Run Tahoe-LAFS 17 6.1 Introduction............................................... 17 6.2 Do Stuff With It............................................. 19 6.3 Socialize................................................. 20 6.4 Complain................................................. 20 7 Magic Wormhole Invites 21 7.1 Magic Wormhole............................................. 21 7.2 Invites and Joins............................................. 21 7.3 Tahoe-LAFS Secret Exchange...................................... 21 8 Configuring a Tahoe-LAFS node 23 8.1 Node Types............................................... -
Mickaël Salaün Intégration De L'utilisateur Au Contrôle D'accès
THÈSE DE DOCTORAT DE TÉLÉCOM SUDPARIS Spécialité Informatique École doctorale Informatique, Télécommunications et Électronique (Paris) Présentée par Mickaël Salaün Pour obtenir le grade de DOCTEUR de TÉLÉCOM SUDPARIS Sujet de la thèse : Intégration de l’utilisateur au contrôle d’accès : du processus cloisonné à l’interface homme-machine de confiance Soutenue le 2 mars 2018 devant le jury composé de : Président : Gaël Thomas Télécom SudParis Rapporteurs : Michaël Hauspie Université Lille 1, Sciences et Technologies Valérie Viet Triem Tong CentraleSupélec Examinateur : Roland Groz Grenoble INP, Ensimag Directeur de thèse : Hervé Debar Télécom SudParis Co-encadrante : Marion Daubignard ANSSI Invités : Mathieu Blanc CEA Benjamin Morin ANSSI NNT : 2018TELE0006 c 2018 Mickaël Salaün Ce document est placé sous la « Licence Ouverte » publiée par la mission Etalab. Mise à jour du 6 avril 2018 Résumé Cette thèse souhaite fournir des outils pour qu’un utilisateur puisse contribuer activement à la sécurité de son usage d’un système informatique. Les activités de sensibilités différentes d’un utilisateur nécessitent tout d’abord d’être cloisonnées dans des domaines dédiés, par un contrôle d’accès s’ajustant aux besoins de l’utilisateur. Afin de conserver ce cloisonnement, celui-ci doit être en mesure d’identifier de manière fiable les domaines avec lesquels il interagit, à partir de l’interface de sa machine. Dans une première partie, nous proposons un nouveau mécanisme de cloisonnement qui peut s’adapter de manière transparente aux changements d’activité de l’utilisateur, sans altérer le fonctionnement des contrôles d’accès existants, ni dégrader la sécurité du système. Nous en décrivons une première implémentation, nommée StemJail, basée sur les espaces de noms de Linux. -
Tahoe-Lafs-1.13.0.Tar.Bz2 Collecting
Tahoe-LAFS Documentation Release 1.x The Tahoe-LAFS Developers Mar 03, 2021 Contents 1 Welcome to Tahoe-LAFS! 3 1.1 What is Tahoe-LAFS?..........................................3 1.2 What is “provider-independent security”?................................3 1.3 Access Control..............................................4 1.4 Get Started................................................4 1.5 License..................................................5 2 Installing Tahoe-LAFS 7 2.1 First: In Case Of Trouble.........................................7 2.2 Pre-Packaged Versions..........................................7 2.3 Preliminaries...............................................7 2.4 Install the Latest Tahoe-LAFS Release.................................9 2.5 Running the tahoe executable..................................... 10 2.6 Running the Self-Tests.......................................... 10 2.7 Common Problems............................................ 11 2.8 Using Tahoe-LAFS............................................ 11 3 How To Run Tahoe-LAFS 13 3.1 Introduction............................................... 13 3.2 Do Stuff With It............................................. 15 3.3 Socialize................................................. 16 3.4 Complain................................................. 16 4 Magic Wormhole Invites 17 4.1 Magic Wormhole............................................. 17 4.2 Invites and Joins............................................. 17 4.3 Tahoe-LAFS Secret Exchange.....................................