Monday, April 11, 2005

simson

Today I stumbled across a couple of quotes from a talk I saw on March 10. Simson Garfinkel provided some insight to usable security.

"We can never make a system completely secure... but we can make the attacks more expensive and more difficult."

How true, isn't that the whole idea behind computer security? An arms race?

He went on to explain that all of computer security boils down to secure, authentic messaging.

He concluded his talk about digital signatures (specifically a usability study he did with email) by mentioning that people should sign mail. The general paradigm about signing mail is successful with a decent interface, even if people are not "cryptographically aware." Unfortunately, digital signatures are not an effective countermeasure for phishing.

He also concluded that people who use webmail or other web applications will have trouble switching to an interface that is event driven -- or vice versa. This creates a dilemma in the design circuit. Do we design apps for web application users or for classic window-based GUI users?

Interesting thoughts.

1 comment:

Anonymous said...

So yeah, I've been lurking a couple weeks. Hi, Sid!

I have two friends who did their theses on problems of this nature, how to structure networks so that disruption is most expensive to the attackers, and total disruption is most avoidable.

Their problems came from classic problems of where a superpower would keep arms dumps to control an area.

Just thought I'd share.