Suggested Citation:"Front Matter." National Research Council. 2010. Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/12998.

TOWARD BETTER USABILITY, SECURITY, AND PRIVACY OF INFORMATION TECHNOLOGY

REPORT OF A WORKSHOP

Steering Committee on the Usability, Security, and Privacy of Computer Systems

Computer Science and Telecommunications Board

Division on Engineering and Physical Sciences

NATIONAL RESEARCH COUNCIL
OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS

Washington, D.C.
www.nap.edu


THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W.
Washington, DC 20001

NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.

This project was supported by the National Science Foundation under Grant No. CNS-0841126 and the National Institute of Standards and Technology under Grant No. 70NANB8H8126. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the view of the organizations or agencies that provided support for this project.

International Standard Book Number-13: 978-0-309-16090-2

International Standard Book Number-10: 0-309-16090-1

Copies of this report are available from:

The National Academies Press
500 Fifth Street, N.W., Lockbox 285
Washington, DC 20055
(800) 624-6242
(202) 334-3313 (in the Washington metropolitan area)
Internet: http://www.nap.edu

Copyright 2010 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America


THE NATIONAL ACADEMIES

Advisers to the Nation on Science, Engineering, and Medicine


The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.


The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering.


The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.


The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council.


www.national-academies.org


STEERING COMMITTEE ON THE USABILITY, SECURITY, AND PRIVACY OF COMPUTER SYSTEMS

NICHOLAS ECONOMIDES, New York University, Chair
LORRIE FAITH CRANOR, Carnegie Mellon University
JAMES D. FOLEY, Georgia Institute of Technology
SIMSON L. GARFINKEL, Naval Postgraduate School
BUTLER W. LAMPSON, Microsoft Corporation
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DONALD A. NORMAN, Northwestern University
CHARLES P. PFLEEGER, Pfleeger Consulting Group

Staff

JON EISENBERG, Director, Computer Science and Telecommunications Board
NANCY GILLIS, Program Officer (through January 2010)
SHENAE BRADLEY, Senior Program Assistant


COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

ROBERT F. SPROULL, Oracle Corporation, Chair
PRITHVIRAJ BANERJEE, Hewlett-Packard Company
STEVEN M. BELLOVIN, Columbia University
SEYMOUR E. GOODMAN, Georgia Institute of Technology
JOHN E. KELLY III, IBM
JON M. KLEINBERG, Cornell University
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DAVID E. LIDDLE, US Venture Partners
WILLIAM H. PRESS, University of Texas, Austin
PRABHAKAR RAGHAVAN, Yahoo! Labs
DAVID E. SHAW, D.E. Shaw Research
ALFRED Z. SPECTOR, Google, Inc.
JOHN A. SWAINSON, Silver Lake
PETER SZOLOVITS, Massachusetts Institute of Technology
PETER J. WEINBERGER, Google, Inc.
ERNEST J. WILSON, University of Southern California

Staff

JON EISENBERG, Director
VIRGINIA BACON TALATI, Associate Program Officer
SHENAE BRADLEY, Senior Program Assistant
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
EMILY ANN MEYER, Program Officer
LYNETTE I. MILLETT, Senior Program Officer
ERIC WHITAKER, Senior Program Assistant
ENITA A. WILLIAMS, Associate Program Officer

For more information on CSTB, see its website at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.


Preface

Usability has emerged as a significant issue in ensuring the security and privacy of computer systems. More-usable security can help avoid the inadvertent (or even deliberate) undermining of security by users. Indeed, without sufficient usability to accomplish tasks efficiently and with less effort, users will often tend to bypass security features. A small but growing community of researchers, with roots in such fields as human-computer interaction, psychology, and computer security, has been conducting research in this area.

With sponsorship from the National Science Foundation and the National Institute of Standards and Technology, the National Research Council’s Computer Science and Telecommunications Board conducted a 2-day workshop in July 2009 to identify promising research directions that would help advance usability, security, and privacy. It was also intended that the workshop would build awareness—in the research community as well as in federal agencies and the broader technical community responsible for the design, development, and deployment of information systems—of the challenges at the nexus of usability and security/privacy, the trade-offs that exist today, and the opportunities for making advances. A single workshop of this sort cannot be comprehensive; indeed, important topics such as the special usability considerations faced by those with impairments were not covered.

The Steering Committee on the Usability, Security, and Privacy of Computer Systems was convened to plan the workshop (biosketches of the steering committee members can be found in Appendix C). The workshop was designed to identify research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security and privacy, and vice versa (the formal statement of task appears in Box P.1).

BOX P.1

Statement of Task

An ad hoc committee will plan and conduct a public workshop on ways to advance the usability, security, and privacy of computer systems. The workshop will feature invited presentations and discussions on the state-of-the-art in usability, security, and privacy and how usability contributes to security and privacy. The agenda should include topics on ways to mutually advance objectives in usability and security/privacy especially in cases that replace trade-offs (e.g., between usability and security) with win-win scenarios. It should also include topics on research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security, privacy and vice versa. A report of the workshop will be issued.

This report summarizes the workshop. As a workshop report, it does not necessarily reflect the consensus views of the committee or the workshop participants, and the committee was not asked to provide findings or recommendations.

The workshop was structured to gather suggestions from experts on computer security, privacy, and usability, as well as from economists and sociologists on new research topics within the intersection of usability, security, and privacy. It also involved a number of federal government representatives interested in usability, security, and privacy research. A detailed agenda can be found in Appendix A, and a list of workshop participants can be found in Appendix B.

The workshop featured two overview presentations, the first addressing computer security and the second addressing usability (summarized in Chapter 2). It also included six presentations intended to provide an overview of current and prospective research topics (summarized in Chapter 3). Following these talks, workshop participants split into smaller groups that discussed research needs and opportunities, addressing the topics listed in Appendix A. They were provided in advance with a set of potential research questions developed by the steering committee. The committee’s summary of results from the breakout sessions is presented in Chapter 4. Chapter 5 discusses overarching questions in advancing research in usability, security, and privacy.

The committee thanks the workshop participants for their thoughtful presentations and discussion. It also acknowledges the financial support provided by the project’s sponsors, the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST), and it appreciates the encouragement and support of Mary F. Theofanos (NIST) and Karl N. Levitt and C. Suzanne Iacono (NSF).


Nicholas Economides, Chair

Steering Committee on the Usability, Security, and Privacy of Computer Systems


Acknowledgment of Reviewers

This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:

Steven M. Bellovin, Columbia University,

Bob Blakley, Gartner, Inc.,

Tadayoshi Kohno, University of Washington,

Eric Sachs, Google, Inc., and

Stuart E. Schechter, Microsoft Research.

Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views expressed, nor did they see the final draft of the report before its release. The review of this report was overseen by Joseph F. Traub, Columbia University. Appointed by the NRC, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.


Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged.

Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it.

The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. Toward Better Usability, Security, and Privacy of Information Technology discusses computer system security and privacy, their relationship to usability, and research at their intersection.
