Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues - both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't.
Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. "Security & Usability" is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.
"Security & Usability" groups 34 essays into six parts: Realigning Usability and Security - with careful attention to user-centered design principles, security and usability can be synergistic; Authentication Mechanisms - techniques for identifying and authenticating computer users; Secure Systems - how system software can deliver or destroy a secure user experience; Privacy and Anonymity Systems - methods for allowing people to control the release of personal information; Commercializing Usability: The Vendor Perspective - specific experiences of security and software vendors (e.g.,IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability; and The Classics - groundbreaking papers that sparked the field of security and usability. This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
Über den Autor und weitere Mitwirkende
Dave Rolsky is a programmer, author, and activist with a background in music composition and an obsession with Hong Kong films and the works of author Gene Wolfe. He has been actively developing Free (Perl) Software for several years and is a member of the Mason core development team. For more information about Embedding Perl in HTML with Mason please visit www.masonbook.com, a web site maintained by the authors where additional information and downloadable source code are available. Darren Chamberlain is an active member of the Template Toolkit development team.Richard Foley is an itinerant Perl programmer (since 1996), born in London, currently living near Munich, Bavaria. He fritters most of his time programming in Perl and Oracle, when he could be spending quality time with his family, reading or playing chess, walking or skiing in the nearby Alps. He has a technical illustration background, and has developed applications using Perl and Oracle on UNIX in the Aerospace, Internet and Banking industries. Responsible for maintaining the perlbug database, from 1997 to 2001, he has submitted patches to the Perl debugger, and written the perl debugger tutorial (perldebtut). He is the author of several modules on the CPAN including Oracle::Debug, an interface to the server-side Oracle PL/SQL engine, which was inspired by the Perl debugger. Co-organiser of YAPC::Europe::2002 in Munich, he is a also a member of the YAPC::Europe committee, the group responsible for organizing Perl conferences in Europe. High point was 24,000 feet on Broad Peak in the Karakorum Himalaya and low point 300 feet under the Yorkshire Dales in the North of England. Oh, and even the grey hairs are receding, when his daughters don't pull them out first! Jesse Vincent is the author of RT and the founder of Best Practical Solutions, LLC, a company dedicated to open source tools to help people and organizations keep track of what needs doing, when it gets done, and who does it. Before founding Best Practical, Jesse worked as the Systems lead for a now-defunct dotcom and a software designer at Microsoft. Robert Spier is a software engineer who has been working with RT for almost 7 years. When not managing other engineers at his day job, he moonlights as Best Practical's lead trainer, and maintains the perl.org infrastructure.