Usability, Security and Privacy

Similar documents
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

Operational Network Security

Personal Cybersecurity

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

MU2b Authentication, Authorization and Accounting Questions Set 2

Issues of Operating Systems Security

QuickBooks Online Security White Paper July 2017

Lecture Embedded System Security Introduction to Trusted Computing

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Pass Microsoft Exam

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

Introduction to Information Security Dr. Rick Jerz

Jeffrey Friedberg. Chief Trust Architect Microsoft Corporation. July 12, 2010 Microsoft Corporation

Securing the FOSS VistA Stack

Data Security: Public Contracts and the Cloud

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Is Your Web Application Really Secure? Ken Graf, Watchfire

Net Trust: User-Centered Detection of Pharming, Phishing and Fraud. L Jean Camp

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

IST346: Information Security Risk Management

Enterprise Simply Trustworthy?

Cyber Security Practice Questions. Varying Difficulty

Eoin Woods Secure by Design security design principles for the rest of us

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

Mobile Payment Security

Altitude Software. Data Protection Heading 2018

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

PRACTICAL SECURITY PRINCIPLES FOR THE WORKING ARCHITECT. Eoin Woods,

Cloud-Security: Show-Stopper or Enabling Technology?

IS Today: Managing in a Digital World 9/17/12

Systems Analysis and Design in a Changing World, Fourth Edition

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Lecture 3 - Passwords and Authentication

Four Grand Challenges in Trustworthy Computing

Trusted Computing Today: Benefits and Solutions

Securing Your Cloud Introduction Presentation

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

Lecture Embedded System Security Introduction to Trusted Computing

CS6501: Great Works in Computer Science

Information Security. Structure. Common sense security. Content. Corporate security. Security, why

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

THE STATE OF CLOUD & DATA PROTECTION 2018

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

How to Build a Culture of Security

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Simplify PCI Compliance

Lecture 3 - Passwords and Authentication

UNLOCKED DOORS RESEARCH SHOWS PRINTERS ARE BEING LEFT VULNERABLE TO CYBER ATTACKS

Treasury Services Group Number Treasury Management Officer

Are You Avoiding These Top 10 File Transfer Risks?

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Compliance Is Security. Presented by: Jeff Hall Optiv Security

Figure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues

ITU WSIS THEMATIC MEETING ON CYBERSECURITY, GENEVA, SWITZERLAND, 28 JUNE -1 JULY PAPER ON THE STATE OF CYBERSECURITY IN UGANDA.

Vendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo

DMARC ADOPTION AMONG

GUIDE. MetaDefender Kiosk Deployment Guide

CHAPTER 8 SECURING INFORMATION SYSTEMS

Advanced Security Measures for Clients and Servers

Network Security - ISA 656 Routing Security

1. CyberCIEGE Advanced VPNs

IOT Security More than just the network..

Breakdown of Some Common Website Components and Their Costs.

Network Security - ISA 656 Intro to Firewalls

Adobe Security Survey

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Best Practices With IP Security.

Laura Arribas Vodafone WAC 6th ETSI Security Workshop January ETSI, Sophia Antipolis, France

HIPAA / HITECH Overview of Capabilities and Protected Health Information

Protecting Your Cloud

Information Security BYOD Procedure

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

Security Best Practices. For DNN Websites

THALES DATA THREAT REPORT

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Easy IT Audit Engagements

Top 10 Considerations for Securing Private Clouds

Bill Wear. VirtualVault Product Manager. Internet Banking Case Study

Layered Access Control-Six Defenses That Work. Joel M Snyder Senior Partner Opus One, Inc.

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

Security+ SY0-501 Study Guide Table of Contents

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington

What is Cybersecurity. in a Security Program?

Management Information Systems. B15. Managing Information Resources and IT Security

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

A Survival Guide to Continuity of Operations. David B. Little Senior Principal Product Specialist

The Cyber War on Small Business

HIPAA Regulatory Compliance

Identity-Based Cyber Defense. March 2017

Putting security first for critical online brand assets. cscdigitalbrand.services

Complete document security

Who s Protecting Your Keys? August 2018

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

Transcription:

Usability, Security and Privacy Computer Science and Telecommunications Board Butler Lampson Microsoft Research July 21, 2009 1

Usable Security: Things Are Really Bad Users don t know how to think about security User experience is terrible Lots of incomprehensible choices Lots of chances to say OK A few examples: Windows Vista User Account Control Windows root certificate store User interface for access control on files Password phishing Client certificates for SSL Signed or encrypted email In general, more secure = less usable 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 2

The Best is the Enemy of the Good Security is fractal Each part is as complex as the whole There are always more things to worry about See Mitnick s Art of Deception, ch. 16 on social engineering Security experts always want more More options : There s always a plausible scenario More defenses: There s always a plausible threat Users just want to do their work If it s not simple, they will ignore it or work around it If you force them, less useful work will get done 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 3

USP Is About Economics Security is about risk management, not an absolute There s benefit, and there s cost We don t measure either one Compare credit cards: fraud detection, CCVs, chip-and-pin The cost is not mostly in budgeted dollars If you want security, you must be prepared for inconvenience. General B. W. Chidlaw, 12 Dec. 1954 Sloppy users are doing the right thing Given today s lousy usability Since the benefits of better security are not that big Providers have no incentive for usable security They mostly just want to avoid bad publicity Tight security no security 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 4

Security is about Technical Context Secrecy Who knows it? Integrity Who changed it? Availability Is it working? Accountability Who is to blame? Privacy is about controlling personal information What is known very hard How it is used mainly by regulation Two faces of security: Policy vs. bugs Policy: user s rules for security / privacy Bugs : ways to avoid policy 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 5

Context: The Access Control Model 1. Isolation boundary limits attacks to channels (no bugs) 2. Access Control for channel traffic 3. Policy management Authentication Authorization Principal Do operation Reference monitor Object Source Request Guard Resource 1. Isolation boundary 2. Access control 3. Policy Policy Audit log 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 6

Context: The Information Flow Model 0. Isolation boundary limits flows to channels (no bugs) 1. Labeled information 2. Flow control based on labels 3. Policy says what flows are allowed Authorization Information + Label Source Reference monitor Guard Authentication Send Transmit Principal Sink 1. Labels 2. Flow control 3. Policy Policy Audit Log 0. Isolation boundary 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 7

User Models Users need a model they can understand It has to be simple (with room for elaboration) It has to (usually) not cause much hassle It has to be true (given some assumptions) It does not have to match the implementation It gets compiled or interpreted, just like a language A user model is for saying what happens Vocabulary: Objects and actions (nouns and verbs) Policy: what should happen General rules + exceptions Must be meaningful, and small enough to audit History: what did happen 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 8

Metrics Cost of getting security / privacy Sand in the gears Time spent setting policy Budgeted dollars for software, firewalls,... Expected cost of not having security / privacy Cost and risk of a breach Both are hard to come by 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 9

Examples of Ideal Usability Authentication Easy two factor: Prox card / phone + fingerprint / PIN Authorization Access tied to place: Public, family, private folders Declarative policy: Account owner can transfer cash Information flow labels: Money, medical, private,... Recovery Privacy Time machine; reset software Information flow + auditing 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 10

Accountability Real world security is about deterrence, not locks On the net, can t find bad guys, so can t deter them Fix? End nodes enforce accountability Refuse messages that aren t accountable enough or strongly isolate those messages Senders are accountable if you can punish them With dollars, ostracism, firing, jail,... All trust is local Need an ecosystem for Senders becoming accountable Receivers demanding accountability Third party intermediaries 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 11

Accountability vs. Access Control In principle there is no difference but Accountability is about punishment, not access Hence audit is critical But coarse-grained control is OK fix errors later 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 12

Freedom with Accountability? Partition world into two parts: Green: More safe/accountable Red : Less safe/unaccountable Red / green has two aspects, mostly orthogonal User experience Isolation mechanism Green world needs professional management 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 13

Red Green Less trustworthy Less accountable entities N attacks/yr (N >> m) More trustworthy More accountable entities m attacks/yr My Red Computer Less valuable assets My Green Computer More valuable valuable assets assets Entities - Programs - Network hosts - Administrators N attacks/year on less valuable assets 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote m attacks/year on more valuable assets 14

What Can Research Do? A way to measure the cost of inconvenience Even better: A knob to adjust the cost/security tradeoff Some good user models for security and privacy Even better: One model that people agree on Some ideal solutions for basic scenarios Perhaps not feasible today, but not rocket science An infrastructure for accountability That allows users to make choices they can understand Incentives for providers to make security usable 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 15

Conclusions Things are really bad for usable security & privacy Need to focus on essentials, not on frills The root cause is economics Users don t care much about security We don t measure the costs Either of getting security, or of not having it Providers have no incentive to make security usable They mostly want to avoid bad publicity Users need a model they can understand It has to be simple (with room for elaboration) In this workshop: Ideas, not hand-wringing 20 July 2009 Lampson: Usability, Security and Privacy Workshop Keynote 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback