Secure User Interfaces
An Introduction
Prof. David Bernstein
James Madison University
Computer Science Department
bernstdh@jmu.edu
Review
- User Interface:
- A system that allows for interaction between a human and a device
- Devices:
- Input (keyboard, microphone, pointing devices)
- Output (display, printer, speaker, haptic devices)
Using the Science
- What Science?
- Physics (e.g., sound and light wave transmission)
- Biology (e.g., the ear and the eye)
- Psychology (e.g., perception and cognition)
- Getting the Science to the Designer/Programmer:
- Guidelines and/or rules of thumb
Use Secure Defaults (Path of Least Resistance)
- Rationale:
- Users assume an application is secure
- Users are unlikely to take (multiple) actions to ensure security (i.e., they take the path of least resistance)
- Users know less about security than designers/programmers
- Examples:
- Use minimal privileges
- Use the secure alternative (e.g., SSL, HTTPS)
Make Security Implications Clear (Explicit Authority, Clarity)
- Rationale:
- Users do not understand the technical details of security
- Implications:
- Present the user with consequences not technical details
- Examples of Bad Practice:
- Informing the user that a certificate is signed by an unknown authority
- Asking the user to choose an encryption method
The Absence of a Cue is not a Cue
- Rationale:
- Users are far more likely to notice the existence of a cue than the absence of a cue
- Example:
- WWW browsers often add an icon when HTTPS is used; they should instead display a prominent icon when it isn't
Save Files in Secure Locations
- Rationale:
- Users are unlikely to encrypt/decrypt files manually
- Implications:
- Save files only in folders/directories with appropriate permissions
- Make the security implications of using other folders/directories apparent
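As an added example (not from these slides), a Python save routine that applies the guidelines above: a secure default location, owner-only file permissions, and a plain-language statement of the consequence when the user picks a shared folder. The directory name `.secure_app` and the warning wording are assumptions.

```python
import os
import stat
import tempfile
from typing import Optional, Tuple

# Constructed example: "secure default" file saving.
# Default location: a directory only the owner can enter.  Files are created
# owner-only.  If the caller chooses another directory, the user is told the
# consequence (who else can read the file), not the mode bits.

def describe_directory_risk(directory: str) -> Optional[str]:
    """Return a user-facing consequence if DIRECTORY is shared, else None."""
    mode = os.stat(directory).st_mode
    if mode & stat.S_IRWXO:  # any permission for "other"
        return "Other users of this computer will be able to see this file."
    if mode & stat.S_IRWXG:  # any permission for the group
        return "Other members of your group will be able to see this file."
    return None

def private_default_dir() -> str:
    """Secure default: ~/.secure_app (assumed name), mode 0o700."""
    path = os.path.join(os.path.expanduser("~"), ".secure_app")
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)  # makedirs honours umask; enforce the intended mode
    return path

def save_secret(name: str, data: bytes,
                directory: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Write DATA to NAME; return (path, warning).  WARNING is None when the
    chosen location is private."""
    if directory is None:
        directory = private_default_dir()
    warning = describe_directory_risk(directory)
    path = os.path.join(directory, name)
    # O_EXCL refuses to reuse a pre-existing file or symlink; 0o600 = owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path, warning

def demo() -> Tuple[Optional[str], int, Optional[str]]:
    """Save into a private temp dir and into a world-readable one."""
    private = tempfile.mkdtemp()            # mkdtemp creates mode 0o700
    shared = tempfile.mkdtemp()
    os.chmod(shared, 0o755)                 # simulate a shared folder
    p1, w1 = save_secret("token.txt", b"s3cret", private)
    _, w2 = save_secret("token.txt", b"s3cret", shared)
    return w1, stat.S_IMODE(os.stat(p1).st_mode), w2

if __name__ == "__main__":
    print(demo())
```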
Use a Trusted Path for Communications
- Rationale:
- Communications channels are complex and users often trust complex systems
- Example:
Allow for Review (Visibility) and Revocation
- Rationale:
- Users may forget the security decisions they have made and/or may change their minds about them
- Note:
- Revocation may not always be possible
There's Always More to Learn