In search of usable security: Five lessons from the field

Cited by: 46
Authors
Balfanz, D [1]
Durfee, G [1]
Smetters, DK [1]
Grinter, RE [1]
Affiliations
[1] Palo Alto Res Ctr, Palo Alto, CA USA
DOI
10.1109/MSP.2004.71
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Lessons learned while building usable, secure systems are discussed; they were drawn from contrasting two different versions of a public key infrastructure (PKI)-based secure wireless network. Adding new devices to the network using location-limited channels is also described. It is pointed out that a gestural user interface lets users intuitively express their application needs while simultaneously supporting strong security. One of the lessons learned is that small application-specific PKIs can give us all the benefits of public-key cryptography without the drawback of a global PKI's nonexistence. It is suggested that designing systems that are simultaneously usable and secure should be stressed.
Pages: 19-24
Number of pages: 6