CastleCops, Internet Crime Fighters
Books: Security and Usability
Literature
For Immediate Release
For more information, a review copy, cover art, or an interview with the authors, contact:

Kathryn Barrett (707) 827-7094 or kathrynb@oreilly.com

Designing Secure Systems that People Can Use
O'Reilly Releases "Security and Usability"

Sebastopol, CA--Conventional wisdom dictates that there must be a tradeoff between security and usability. To illustrate the point, Lorrie Faith Cranor, DSc, and Simson Garfinkel, Ph.D., contrast a computer with no passwords with one "that makes you authenticate every five minutes with your password and a fresh drop of blood." The former is usable, but not secure, while the latter is secure but holds little appeal for most users. In their new book, "Security and Usability" (O'Reilly, US $44.95), Cranor and Garfinkel contend that security and usability are not inherently at odds; in fact, tomorrow's computers won't be secure unless researchers, designers, and programmers can invent new ways to make security systems easier to use.

"As the world around us makes clear every day, if people are unable to use secure computers, they will use computers that are not secure," Cranor and Garfinkel remark in the preface to their book. Although theoretically secure, computers that aren't usable do little to improve the security of their users because these machines push users to less secure platforms. "As it turns out, the converse is also true: systems that are usable but not secure are, in the end, not very usable either," they note. This is because these systems don't last: they get hacked, compromised, and otherwise rendered useless.

"Having each worked in the area of security for the better part of two decades, it has become increasingly clear to us that the question of usability is among the most important in determining the overall security of a system, yet it is also one of the issues that is most frequently ignored," observes Garfinkel. "Although it has long been recognized that security systems need to be usable, there has been astonishingly little work done in this area to date. Indeed, some scientists have gone so far as to say that usability and security are inherently at odds, and in building secure systems it is necessary to figure out just how much usability needs to be given up.

"We don't believe this," Garfinkel continues. "We believe that it is possible, through the use of good research and practice, to build systems that are both secure and usable. This book is a guide to practitioners on how to do that, as well as a guide to researchers regarding which directions are likely to bring more fruitful results."

In the first book to be focused entirely on the subject of usability and security, Cranor and Garfinkel present thirty-four groundbreaking essays from leading security, usability, and human-computer interaction (HCI) researchers around the world. Balancing theory and fundamental principles with practical advice, they examine this important issue in detail.

"In order to build systems that are both secure and usable, it is important to have some understanding of both the computer security field and the human-computer interaction field. Most researchers and practitioners have been trained in only one of these fields. Our hope is that this book can help bridge the gaps for them and fill in some of the important background they need to work in this interdisciplinary area," says Cranor.

"Security and Usability" offers a window into the future of computer security where usable design and secure systems are no longer at odds. Topics include:

- Realigning usability and security: psychological acceptability, designing for actual (not theoretical) security, tools for usability evaluation, and trust designs and models

- Authentication mechanisms: password memorability, challenge questions, graphical passwords, biometrics, keystroke dynamics, smart cards, and USB tokens

- Secure systems: secure interaction design, anti-phishing, sanitization and usability, usable PKI, compartmentalized security, and ethnographic analysis

- Privacy and anonymity systems: privacy design pitfalls, the Privacy Space Framework, the Platform for Privacy Preferences (P3P), web bugs, informed consent on the Internet, social approaches to security, and anonymizing technologies

- Commercializing usability: vendor experiences in addressing usability issues at Microsoft, IBM/Lotus, Firefox, Zone Labs, and Groove Networks

"Security and Usability" brings together research findings, actual implementation experiences, practical advice, and recommendations for constructing next-generation operating systems. This volume is sure to become a classic reference and an inspiration for further research.

Additional Resources:

Chapter 23, "Privacy Analysis for the Casual User with Bugnosis," is available online at: http://www.oreilly.com/catalog/securityusability/chapter/index.html

For more information about the book, including table of contents, index, author bios, and samples, see: http://www.oreilly.com/catalog/securityusability/

For a cover graphic in JPEG format, go to: ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/0596008279.jpg

Security and Usability
Edited by Lorrie Faith Cranor and Simson Garfinkel
ISBN: 0-596-00827-9, 714 pages, $44.95 US, $62.95 CA
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com
1005 Gravenstein Highway North
Sebastopol, CA 95472

About O'Reilly
O'Reilly Media, Inc. is the premier information source for leading-edge computer technologies. The company's books, conferences, and web sites bring to light the knowledge of technology innovators. O'Reilly books, known for the animals on their covers, occupy a treasured place on the shelves of the developers building the next generation of software. O'Reilly conferences and summits bring alpha geeks and forward-thinking business leaders together to shape the revolutionary ideas that spark new industries. From the Internet to XML, open source, .NET, Java, and web services, O'Reilly puts technologies on the map. For more information: http://www.oreilly.com

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other trademarks are property of their respective owners.
Posted on Tuesday, 11 October 2005 @ 08:38:06 UTC by Paul (1398 reads)