Human-Computer Interaction Opportunities For Improving Security presented at 14th USENIX Security Symposium 2005

by Ben Shneiderman

Tags: Security Monitoring Analysis Development

Summary: Creating a more secure computing and communications environment requires cooperation among many disciplines. Human-computer interaction (HCI) researchers can contribute by participating in user interface design for system managers and every level of users. The standard HCI processes could clarify the currently confusing array of features that overwhelms many users and leads to errors or frustration. First steps would include clear task analysis and a hierarchical decomposition of objects and actions that enable users to develop a meaningful mental model tied to their needs, rather than the intricacies of system architecture. Then carefully chosen evaluation methods could assess interface designs during development and usage. A second HCI contribution might be tied to information visualization tools to enable system managers to better monitor activity, detect attacks, and trace attackers. Temporal pattern search, network traffic analysis, and hierarchical clustering tools are potential contributions.
This talk includes a proposed graphic user interface, FORTS (File-sharing Onweb with Realistic Tailorable Security), for specifying and monitoring security/privacy status. This interface is meant to be multi-layered to allow users to choose the level of complexity and protection they need. Based on a fortress model, FORTS shows more secure areas deeper in the fort, and multiple gates to allow incoming/outgoing traffic with comprehensible activity logs.