

Secure User Interfaces
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu

Review
  • User Interface:
    • A system that allows for interaction between a human and a device
  • Devices:
    • Input (keyboard, microphone, pointing devices)
    • Output (display, printer, speaker, haptic devices)
Using the Science
  • What Science?
    • Physics (e.g., sound and light wave transmission)
    • Biology (e.g., the ear and the eye)
    • Psychology (e.g., perception and cognition)
  • Getting the Science to the Designer/Programmer:
    • Guidelines and/or rules of thumb
Use Secure Defaults (Path of Least Resistance)
  • Rationale:
    • Users assume an application is secure
    • Users are unlikely to take (multiple) actions to ensure security (i.e., they take the path of least resistance)
    • Users know less about security than designers/programmers
  • Examples:
    • Use minimal privileges
    • Use the secure alternative (e.g., SSL, HTTPS)
Make Security Implications Clear (Explicit Authority, Clarity)
  • Rationale:
    • Users do not understand the technical details of security
  • Implications:
    • Present the user with consequences, not technical details
  • Examples of Bad Practice:
    • Informing the user that a certificate is signed by an unknown authority
    • Asking the user to choose an encryption method
The Absence of a Cue is not a Cue
  • Rationale:
    • Users are far more likely to notice the existence of a cue than the absence of a cue
  • Example:
    • WWW browsers often add an icon when HTTPS is used; they should instead display a prominent icon when it isn't
Save Files in Secure Locations
  • Rationale:
    • Users are unlikely to encrypt/decrypt files manually
  • Implications:
    • Save files only in folders/directories with appropriate permissions
    • Make the security implications of using other folders/directories apparent
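An added example (not part of the original slides) of a save routine that follows both implications on a POSIX system: it writes without prompting only into a folder that other accounts cannot modify, and otherwise states the consequence in plain language. The names directory_risk, save_document and the confirm callback are hypothetical.

```python
import os
import stat


def directory_risk(path):
    """Return None if only the current user can modify `path`; otherwise
    return a warning that states the consequence, not the permission bits."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    if st.st_uid != os.geteuid():
        return ("This folder belongs to another account, "
                "which can remove or replace files saved here.")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "Other accounts on this computer can change what is in this folder."
    return None


def save_document(directory, name, data, confirm=lambda warning: False):
    """Save `data` (bytes) as directory/name, readable only by its owner.

    `confirm` stands in for the UI (hypothetical callback): it is given the
    warning text and returns True only if the user explicitly accepts the
    risk. The default declines, so doing nothing is the secure outcome.
    Returns True if the file was written, False if the save was declined.
    """
    warning = directory_risk(directory)
    if warning is not None and not confirm(warning):
        return False
    target = os.path.join(directory, os.path.basename(name))
    # O_EXCL refuses to overwrite an existing file, O_NOFOLLOW refuses a
    # symbolic link at the target, and mode 0o600 keeps the new file private
    # even when the user chose a shared folder.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return True
```
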
Use a Trusted Path for Communications
  • Rationale:
    • Communications channels are complex and users often trust complex systems
  • Example:
    • Use HTTPS
Allow for Review (Visibility) and Revocation
  • Rationale:
    • Users may forget the security decisions they have made and/or may change their minds about them
  • Note:
    • Revocation may not always be possible
There's Always More to Learn