Secure User Interfaces

Secure User Interfaces
An Introduction

Prof. David Bernstein
James Madison University

Computer Science Department

bernstdh@jmu.edu

Review

User Interface:
- A system that allows for interaction between a human and a device
Devices:
- Input (keyboard, microphone, pointing devices)
- Output (display, printer, speaker, haptic devices)

Using the Science

What Science?
- Physics (e.g., sound and light wave transmission)
- Biology (e.g., the ear and the eye)
- Psychology (e.g., perception and cognition)
Getting the Science to the Designer/Programmer:
- Guidelines and/or rules of thumb

Use Secure Defaults (Path of Least Resistance)

Rationale:
- Users assume an application is secure
- Users are unlikely to take (multiple) actions to ensure security (i.e., they take the path of least resistance)
- Users know less about security than designers/programmers
Examples:
- Use minimal priveleges
- Use the secure alternative (e.g., SSL, HTTPS)

Make Security Implications Clear (Explicit Authority, Clarity)

Rationale:
- Users do not understand the technical details of security
Implications:
- Present the user with consequences not technical details
Examples of Bad Practice:
- Informing the user that a certificate is signed by an unknown authority
- Asking the user to choose an encryption method

The Absence of a Cue is not a Cue

Rationale:
- Users are far more likely to notice the existence of a cue than the absence of a cue
Example:
- WWW browsers often add an icon when HTTPS is used, they should instead display a prominent icon when it isn't

Save Files in Secure Locations

Rationale:
- Users are unlikely to encrypt/decrypt files manually
Implications:
- Save files only in folders/directories with appropriate persmissions
- Make the security implications of using other folders/directories apparent

Use a Trusted Path for Communications

Rationale:
- Communications channels are complex and users often trust complex systems
Example:
- Use HTTPS

Allow for Review (Visibility) and Revocation

Rationale:
- Users may forget the security decisions they have made and/or may change their minds about them
Note:
- Revocation may not always be possible