Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable security: Problems

Published byEdward Brooks Modified over 6 years ago

Similar presentations

Presentation on theme: "Usable security: Problems"— Presentation transcript:

1 Usable security: Problems
ECE 695 Alexander J. Quinn 3/19/2018

2 Credit: ‘jrockway’ @ https://slashdot. org/comments. pl

3 (about SSL and Man-In-Demo attacks)
Problem (about SSL and Man-In-Demo attacks)

4 Problem: expecting too much Symptoms: security risks
Overview Problem: expecting too much Symptoms: security risks Weak passwords Phishing Downloading malware Social engineering Solutions: design … and more backend security

5 Problem Expecting too much rationality Expecting too much attention Expecting too much memory Expecting too much knowledge Expecting too much concern

6 Credit: Don Norman, Design of Everyday Things, chapter 2, p. 65

7

8 Which of these passwords meets the rules. 1. random-dancer 2
Which of these passwords meets the rules? 1. random-dancer 2. d9l3c93jdlcks93jckdoekcjslqp 3. FuddyHuffaker_$0cje 4.

9 Credit: The Psychology of Security Usability

10 Subjective Expected Utility Theory
Assume: User has a utility function to rank options based on future outcomes User knows all possible alternative strategies User can estimate probability of outcomes for each alternative User will choose an alternative based on subjective expected utility Credit: The Psychology of Security Usability

11 Subjective Expected Utility Theory
for each possible decision alternative: x = all possible consequences of making a decision, which includes recursive evaluation of any carry-on effects); p(x) = quantitative probability for x; U(x) = subjective utility of each consequence; p(x) × U(x) = probability multiplied by subjective utility; Credit: Peter Gutmann, Engineering Security (draft, April 2014)

12 For exercise next time…
If the 3rd digit of your PUID (or SSN) is odd, then think of the worst instance of unusable security you’ve ever seen. If the 3rd digit is even, think of one that is fake, but might sound real. Get ready to give a 30-second description. We’ll vote and see how well we can guess.

Download ppt "Usable security: Problems"

Similar presentations

Where Do All the Attacks Go? Dinei Florencio and Cormac Herley Microsoft Research, Redmond.

Where Do All the Attacks Go? Dinei Florencio and Cormac Herley Microsoft Research, Redmond.
Is It Rational to Vote? Political scientists study all aspects of voting behavior. The most interesting question, of course, is who votes for whom and.

Is It Rational to Vote? Political scientists study all aspects of voting behavior. The most interesting question, of course, is who votes for whom and.
15 THEORY OF GAMES CHAPTER.

15 THEORY OF GAMES CHAPTER.
Scrum Team Management System (Scream) Christopher Jolly Alexander Kivaisi Cliff Siyam.

Scrum Team Management System (Scream) Christopher Jolly Alexander Kivaisi Cliff Siyam.
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:4221 4090

The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
1 Utility Theory. 2 Option 1: bet that pays $5,000,000 if a coin flipped comes up tails you get $0 if the coin comes up heads. Option 2: get $2,000,000.

1 Utility Theory. 2 Option 1: bet that pays $5,000,000 if a coin flipped comes up tails you get $0 if the coin comes up heads. Option 2: get $2,000,000.
Decision making and economics. Economic theories Economic theories provide normative standards Expected value Expected utility Specialized branches like.

Decision making and economics. Economic theories Economic theories provide normative standards Expected value Expected utility Specialized branches like.
Markov Decision Processes

Markov Decision Processes
Part 2c: Requirements Chapter 2: How to Gather Requirements: Some Techniques to Use Chapter 3: Finding Out about the Users and the Domain Chapter 4: Finding.

Part 2c: Requirements Chapter 2: How to Gather Requirements: Some Techniques to Use Chapter 3: Finding Out about the Users and the Domain Chapter 4: Finding.
1 A Brief History of Descriptive Theories of Decision Making Kiel, June 9, 2005 Michael H. Birnbaum California State University, Fullerton.

1 A Brief History of Descriptive Theories of Decision Making Kiel, June 9, 2005 Michael H. Birnbaum California State University, Fullerton.
MA 102 Statistical Controversies Monday, April 1, 2002 Today: Randomness and probability Probability models and rules Reading (for Wednesday): Chapter.

MA 102 Statistical Controversies Monday, April 1, 2002 Today: Randomness and probability Probability models and rules Reading (for Wednesday): Chapter.
Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.
Problem Solving and Decision Making A situation that exists when objectives are not being met. Problem Solving The process of taking corrective.

Problem Solving and Decision Making A situation that exists when objectives are not being met. Problem Solving The process of taking corrective.
Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,

Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,
Decision. Decision Summary Search for alternatives Descriptive, normative, prescriptive Expected Utility: normative theory of decision Psychology of decision.

Decision. Decision Summary Search for alternatives Descriptive, normative, prescriptive Expected Utility: normative theory of decision Psychology of decision.
6/30/20151 Decision Making 3 Factors in decision- making.

6/30/20151 Decision Making 3 Factors in decision- making.
Decision Making Decision-making is based on information Information is used to: Identify the fact that there is a problem in the first place Define and.

Decision Making Decision-making is based on information Information is used to: Identify the fact that there is a problem in the first place Define and.
Ethics in Information Technology, Second Edition 1 Ethics in Information Technology, Second Edition (cont.) Chapter 1 An Overview of Ethics.

Ethics in Information Technology, Second Edition 1 Ethics in Information Technology, Second Edition (cont.) Chapter 1 An Overview of Ethics.
Engineering Secure Software. Why do we study risk?  Many outcomes are possible, not all are probable  Enumeration  Prioritization  Discussion.

Engineering Secure Software. Why do we study risk?  Many outcomes are possible, not all are probable  Enumeration  Prioritization  Discussion.
Learning Objectives LO1 Explain the role of professional judgment in audit sampling decisions. LO2 Distinguish audit sampling work from nonsampling work.

Learning Objectives LO1 Explain the role of professional judgment in audit sampling decisions. LO2 Distinguish audit sampling work from nonsampling work.

Similar presentations

Ads by Google