TOWARD BETTER USABILITY, SECURITY, AND PRIVACY OF INFORMATION TECHNOLOGY

REPORT OF A WORKSHOP

Steering Committee on the Usability, Security, and Privacy of Computer Systems

Computer Science and Telecommunications Board

Division on Engineering and Physical Sciences

NATIONAL RESEARCH COUNCIL
OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS

Washington, D.C.
www.nap.edu







THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W.
Washington, DC 20001

NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.

This project was supported by the National Science Foundation under Grant No. CNS-0841126 and the National Institute of Standards and Technology under Grant No. 70NANB8H8126. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the view of the organizations or agencies that provided support for this project.

International Standard Book Number-13: 978-0-309-16090-2
International Standard Book Number-10: 0-309-16090-1

Copies of this report are available from:
The National Academies Press
500 Fifth Street, N.W., Lockbox 285
Washington, DC 20055
(800) 624-6242
(202) 334-3313 (in the Washington metropolitan area)
Internet: http://www.nap.edu

Copyright 2010 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.

The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering.

The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.

The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council.

www.national-academies.org

STEERING COMMITTEE ON THE USABILITY, SECURITY, AND PRIVACY OF COMPUTER SYSTEMS

NICHOLAS ECONOMIDES, New York University, Chair
LORRIE FAITH CRANOR, Carnegie Mellon University
JAMES D. FOLEY, Georgia Institute of Technology
SIMSON L. GARFINKEL, Naval Postgraduate School
BUTLER W. LAMPSON, Microsoft Corporation
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DONALD A. NORMAN, Northwestern University
CHARLES P. PFLEEGER, Pfleeger Consulting Group

Staff

JON EISENBERG, Director, Computer Science and Telecommunications Board
NANCY GILLIS, Program Officer (through January 2010)
SHENAE BRADLEY, Senior Program Assistant

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

ROBERT F. SPROULL, Oracle Corporation, Chair
PRITHVIRAJ BANERJEE, Hewlett-Packard Company
STEVEN M. BELLOVIN, Columbia University
SEYMOUR E. GOODMAN, Georgia Institute of Technology
JOHN E. KELLY III, IBM
JON M. KLEINBERG, Cornell University
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DAVID E. LIDDLE, US Venture Partners
WILLIAM H. PRESS, University of Texas, Austin
PRABHAKAR RAGHAVAN, Yahoo! Labs
DAVID E. SHAW, D.E. Shaw Research
ALFRED Z. SPECTOR, Google, Inc.
JOHN A. SWAINSON, Silver Lake
PETER SZOLOVITS, Massachusetts Institute of Technology
PETER J. WEINBERGER, Google, Inc.
ERNEST J. WILSON, University of Southern California

Staff

JON EISENBERG, Director
VIRGINIA BACON TALATI, Associate Program Officer
SHENAE BRADLEY, Senior Program Assistant
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
EMILY ANN MEYER, Program Officer
LYNETTE I. MILLETT, Senior Program Officer
ERIC WHITAKER, Senior Program Assistant
ENITA A. WILLIAMS, Associate Program Officer

For more information on CSTB, see its website at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.

Preface

Usability has emerged as a significant issue in ensuring the security and privacy of computer systems. More-usable security can help avoid the inadvertent (or even deliberate) undermining of security by users. Indeed, without sufficient usability to accomplish tasks efficiently and with less effort, users will often tend to bypass security features. A small but growing community of researchers, with roots in such fields as human-computer interaction, psychology, and computer security, has been conducting research in this area.

With sponsorship from the National Science Foundation and the National Institute of Standards and Technology, the National Research Council’s Computer Science and Telecommunications Board conducted a 2-day workshop in July 2009 to identify promising research directions that would help advance usability, security, and privacy. It was also intended that the workshop would build awareness—in the research community as well as in federal agencies and the broader technical community responsible for the design, development, and deployment of information systems—of the challenges at the nexus of usability and security/privacy, the trade-offs that exist today, and the opportunities for making advances. A single workshop of this sort cannot be comprehensive; indeed, important topics such as the special usability considerations faced by those with impairments were not covered.

The Steering Committee on the Usability, Security, and Privacy of Computer Systems was convened to plan the workshop (biosketches of the steering committee members can be found in Appendix C). The workshop was designed to identify research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security and privacy, and vice versa (the formal statement of task appears in Box P.1).

BOX P.1
Statement of Task

An ad hoc committee will plan and conduct a public workshop on ways to advance the usability, security, and privacy of computer systems. The workshop will feature invited presentations and discussions on the state-of-the-art in usability, security, and privacy and how usability contributes to security and privacy. The agenda should include topics on ways to mutually advance objectives in usability and security/privacy especially in cases that replace trade-offs (e.g., between usability and security) with win-win scenarios. It should also include topics on research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security, privacy and vice versa. A report of the workshop will be issued.

This report summarizes the workshop. As a workshop report, it does not necessarily reflect the consensus views of the committee or the workshop participants, and the committee was not asked to provide findings or recommendations.

The workshop was structured to gather suggestions from experts on computer security, privacy, and usability, as well as from economists and sociologists on new research topics within the intersection of usability, security, and privacy. It also involved a number of federal government representatives interested in usability, security, and privacy research. A detailed agenda can be found in Appendix A, and a list of workshop participants can be found in Appendix B.

The workshop featured two overview presentations, the first addressing computer security and the second addressing usability (summarized in Chapter 2). It also included six presentations intended to provide an overview of current and prospective research topics (summarized in Chapter 3). Following these talks, workshop participants split into smaller groups that discussed research needs and opportunities, addressing the topics listed in Appendix A. They were provided in advance with a set of potential research questions developed by the steering committee. The committee’s summary of results from the breakout sessions is presented in Chapter 4. Chapter 5 discusses overarching questions in advancing research in usability, security, and privacy.

The committee thanks the workshop participants for their thoughtful presentations and discussion. It also acknowledges the financial support provided by the project’s sponsors, the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST), and it appreciates the encouragement and support of Mary F. Theofanos (NIST) and Karl N. Levitt and C. Suzanne Iacono (NSF).

Nicholas Economides, Chair
Steering Committee on the Usability, Security, and Privacy of Computer Systems

Acknowledgment of Reviewers

This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:

Steven M. Bellovin, Columbia University,
Bob Blakley, Gartner, Inc.,
Tadayoshi Kohno, University of Washington,
Eric Sachs, Google, Inc., and
Stuart E. Schechter, Microsoft Research.

Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views expressed, nor did they see the final draft of the report before its release. The review of this report was overseen by Joseph F. Traub, Columbia University. Appointed by the NRC, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.

Contents

1 OVERVIEW OF SECURITY, PRIVACY, AND USABILITY
    Security
    Privacy
    Usability
    Usability, Security, and Privacy
    Usability, Security, and Privacy: An Emerging Discipline

2 FRAMING THE SECURITY AND USABILITY CHALLENGES
    An Overview of the State of Computer Security (Butler Lampson)
    Usable Security and Privacy: It’s a Matter of Design (Donald Norman)

3 CURRENT RESEARCH AT THE INTERSECTION OF USABILITY, SECURITY, AND PRIVACY
    Usable Privacy (Lorrie Faith Cranor)
    Economic Issues of Usable Security and Privacy (Nicholas Economides)
    What Would User-centered Security Look Like? (Angela Sasse)
    Security in Virtual Worlds (Frank Greitzer)
    Feeding Practice Back into Research (Mary Ellen Zurko)
    Cybersecurity Insider Threat (Deanna Caputo)

4 SOME POTENTIAL RESEARCH DIRECTIONS FOR FURTHERING THE USABILITY, SECURITY, AND PRIVACY OF COMPUTER SYSTEMS
    Dimensions of Usability, Security, and Privacy
    Metrics, Evaluation Criteria, and Standards
    Understanding Users
    Incentives for Better Security and Privacy
    Approaches to Constructing Systems with “Usable Security”

5 OVERARCHING CHALLENGES TO ADVANCING RESEARCH IN USABILITY, SECURITY, AND PRIVACY
    Inconsistent Terminology and Definitions
    Limited Access to Data
    Scarceness of Expertise and Unfamiliarity with Each Other’s Work at the Intersection of Usability, Security, and Privacy

APPENDIXES
    A WORKSHOP AGENDA
    B WORKSHOP PARTICIPANTS
    C BIOSKETCHES OF STEERING COMMITTEE MEMBERS AND STAFF