HCI & Security Systems Workshop Summary
�
Workshop Goals
This workshop sought to understand the roles and demands placed on
users of security systems, and explored design solutions that can
assist in making security systems usable and effective. In addition
to examining end-users, this workshop also examined the issues faced
by security system developers and operators. The goal of the workshop
was to build a network of interested people, share research activities
and results, discuss high priority areas for research and development,
and explore opportunities for collaboration.
Key Points From Papers
Process
- Personnel costs and other business costs of security need greater
attention
- Users’ security needs often differ from corporate security needs
- User vigilance differs between corporate and personal contexts
- Security and UI design must be integral in application development
- Assumptions underlying security policies should be empirically tested
User Perspectives
- Users view potential threats very differently from security experts
- Explanations at decision points are overwhelming to users and should
be staged
- Complexities of security & privacy must be translated to user terms
(e.g., privacy policies)
- Technologies like PKI are a poor fit to mental models of typical users
- User judgements of trustworthiness are often based on factors
unrelated to security
Design
- People are central to security
- Radical adjustment of underlying technology may be necessary to meet
user needs
- Secure interaction design can be at least partially formalized
Applications
- Credential recovery is a pressing challenge for existing systems
- Visualization can be used effectively for security tools (e.g.,
network monitoring)
Research Themes
"Transparency"
- Technologists use 'transparency' to mean the hiding of security
mechanisms
- Users use ‘transparency’ to mean making security mechanisms visible
- Both have their place, but the technologist view is currently over-
represented
Authentication
- Systems support delegation badly, so users are forced to share passwords
- Biometrics are not secret, and people generally don't understand that
- People don't understand the value and potential liability associated
with biometrics
- Graphical passwords are promising, but may not scale across multiple
systems
- Poor password practices have been quantified empirically
Operations
- System administrators face significant usability issues
- The issues are generally different from those faced by end users
- Administrators are often resistant to change, sometimes for reasons
beyond their control
Design
- Security experts tend to prefer clearly defined objectives
- Problems examined by security experts are often not the security
problems end users experience
- An important distinction is between education (presenting
information) and training (forming habits through repeated action)
- Security is often perceived to be at odds with performance and ease
of communication, and finding ways to reconcile the two is an
important goal
- Do security solutions belong as tools, appliances, or built-in to
the operating system?
Meta-Themes
Integrate Security & Usability
- Communication between security and HCI experts is essential
- e.g., co-authoring papers
- e.g., integrated design/review teams
- There is often a fundamental misalignment of research goals which
should be discussed openly
- It must be an equal partnership, not a patronizing one
- The security community is currently fairly receptive to guidance in
HCI matters
A Different Message for Each Community
- We need rich and compelling stories to foster understanding of HCI
issues within the security community
- HCI people entering field should anticipate the need to develop this
communication
Guiding Principles
- Security is for people to control, not to control people
- We need to fully characterize target users in specific contexts, not
treat them as uniform and generic
- We should apply user-centered design to security problems to
demonstrate
- that it is possible
- that doing so can improve upon what would otherwise be achieved
- HCI methodology compliments traditional security design
Unique Challenges
- Success in security is invisible
- it's not clear when you're finished
- the results are rarely gratifying in themselves
- Security is almost always a secondary task or goal
- Security designs must withstand active adversaries
- Security people like mathematical proofs, but there are none to be
found in this area
Possible Follow-Up
- CHI panel
- Workshop and/or panel at a security conference
- Special issue of a journal or magazine