Topic Application
DCIS 0730 – 12/03/04
Fernando Doylet, doylet@nova.edu

Network Computer Users’ Single Question Survey Tool
Application Report

Problem Identification: Who is reading?; Mental attitudes & web security; Types of attacks or misuse detected
Possible Causes: User Agreements - unintended consequences; Overconfidence – on existing technologies; New technologies – may be overwhelming
Understanding the User: Personality types & perceptual filters; Balancing behavior – chances vs. fears; Unintended consequences – internal attacks
Reality Check: Unilateral solutions vs. Shared solutions; Single Question Survey Tool; Flowcharts – Question.java & Answer.java

Reality Check | Understanding the User | Possible Causes | Problem Identification

Who is Reading? Mental attitudes & web security
Highest-ranking executives are those least likely to comply with security rules because they "don’t have time" to bother with procedures that "get in the way of more important things"
[Weirich & Sasse, 2002]

Who is Reading? Mental attitudes & web security
“The human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain.”
[Patrick et al., 2003]

Types of Attacks or Misuse Detected
Target: reduce misuse
[Gordon et al., 2004]

User Agreements may hide unintended consequences
eBay User Agreement and Privacy Policy on 12/01/04:
Scrolling version: 52733 characters, 8426 words, 230 lines
Printer-friendly version: 53381 characters, 8481 words, 246 lines

Overconfidence on existing technologies
Secure Sockets Layer (SSL) vulnerabilities
To guarantee a comfortable level of security, people should be checking that the certificate is:
1) signed by a known Certificate Authority (CA),
2) current, and
3) bound or connecting to the intended entity.
[Viega & Messier, 2004]
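
The three certificate checks on this slide correspond to settings that a TLS client library can enforce instead of leaving them to the person at the keyboard. The Python code below is an added example, not part of the original slides: `enforced_checks`, `weak_context`, `cert_problems` and the sample certificate are constructed for illustration, and the name matching is simplified (the TLS library performs the real verification during the handshake).

```python
import ssl

def enforced_checks(ctx):
    """Report which of the three certificate checks a client context enforces."""
    verifies_chain = ctx.verify_mode != ssl.CERT_NONE
    return {
        "signed_by_known_ca": verifies_chain,
        "current": verifies_chain,  # validity dates are checked with the chain
        "bound_to_intended_entity": verifies_chain and ctx.check_hostname,
    }

def weak_context():
    """A 'make the warning go away' configuration: none of the checks run."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def cert_problems(cert, hostname, now):
    """Re-check 'current' and 'bound' on a getpeercert()-style dict."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    host = hostname.lower()
    # Simplified matching: exact name, or a wildcard covering one left-most label.
    wildcard = "*." + host.split(".", 1)[1] if "." in host else None
    if host not in names and wildcard not in names:
        problems.append("name mismatch")
    return problems

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2004 GMT",
    "notAfter": "Dec 31 23:59:59 2004 GMT",
    "subjectAltName": (("DNS", "shop.example.test"), ("DNS", "*.cdn.example.test")),
}
NOW_2004 = ssl.cert_time_to_seconds("Dec  3 12:00:00 2004 GMT")
NOW_2005 = ssl.cert_time_to_seconds("Jun  1 12:00:00 2005 GMT")

if __name__ == "__main__":
    print(enforced_checks(ssl.create_default_context()))
    print(enforced_checks(weak_context()))
    print(cert_problems(SAMPLE_CERT, "shop.example.test", NOW_2005))
```

A code review or configuration audit can use the first function to flag clients where any of the three values is false.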

Computer Users’ personality types
[Figure labels: Individualist, Hierarchist, Egalitarian, Fatalist]
Hierarchists: risk management is the responsibility of authority;
Individualists: leave decisions to individuals and the market;
Egalitarians: consensus risk management, require trust and transparency;
Fatalists: subject to destiny and luck.
[Adams, 2004]

Balancing Behavior: Chances vs. Fears
[Figure labels: PC user at home; PC user at work]
[Adams, 2004]

Unintended Consequences allow internal attacks
Need to maintain computer users’ awareness (in non-intrusive ways)
[Cunvin, 2004]

Unilateral Solutions
User Profiles: experts, advanced, skilled, unskilled
Assumptions: additional options for power users
Shared Solutions
Certifications: International Computer Drivers’ License (icdlus.com)
Surveys: emails, meetings, questionnaires, interviews

Single Question Survey Tool: reduce misuse – enhance accountability
one question a day, keeps complacency away
[Diagram labels: Central Server, Supervisor's Computer, Employee's Computer; Server's OUTFOLDER, Client's INFOLDER (shown twice); Question, Answer; CQF, CAF, QLF, ALF, SLF, ULF]
ALF: Answers Local File
SLF: Size-of-CQF Local File
ULF: User-PC-id Local File
CQF: Central Questions File
CAF: Central Answers File
QLF: Questions Local File

Flowcharts: Question.java and Answer.java
[Flowchart figures; box labels are listed in their extracted order, with branch labels given only where they survive next to a box.]
Question.java: Start. Folder OUTFOLDER exists? (No: create folder OUTFOLDER.) Folder INFOLDER exists? Create local folder INFOLDER. Local Questions Log File (QLF) exists? (No: create QLF.) Central Questions File (CQF) exists? (No: create CQF.) Central Answers File (CAF) exists? (No: create CAF.) Is QLF size > 0? (Yes: load Questions drop-down list.) Is CAF size > 0? (Yes: load Answers array list.) Show Question frame. Option to send Question. Is Question complete? Count # of CQF lines & add question to QLF & CQF. Option to Close. End Of Job.
Answer.java: Start. Folder INFOLDER exists? (No: create local folder INFOLDER.) Central Questions File (CQF) exists? Central Answers File (CAF) exists? Answers Log File (ALF) exists? Create ALF. User PC id Local File (ULF) exists? (No: create ULF.) Get PC name & write it to ULF. Create Size of CQF Local File (SLF). Write size of CQF to SLF. Get PC name and load users list from ULF. Get User Identity. SLF exists? Create SLF. Get size of CQF from SLF. Is CQF size the same? Verify User Identity. User Verified. User Identity obtained. User not listed. Show Question. Add new identity to ULF. Question answered. Is Answer complete? Add answer to CAF and ALF. Write size of CQF to SLF. User Not Verified. Pick User from list. End Of Job.

References:
Adams, J. 2004. Science and Terrorism: Post-Conference after-thoughts. Post Conference Draft for World Federation of Scientists’ International Seminar on Terrorism. Erice 7-12 May 2004. http://www.geog.ucl.ac.uk/~jadams/publish.htm. 1-11.
Cunvin, A. 2004. The Rise of Security Threats. Appsense - Monday, 1 November 2004. Retrieved from http://www.net-security.org/article.php?id=740
Gordon, L.A., Loeb, M.P., Lucyshyn, W., and Richardson, R. 2004. Ninth Annual 2004 CSI/FBI Computer Crime and Security Survey. Computer Security Institute. Retrieved from http://www.theiia.org/iia/download.cfm?file=9732
Patrick, A.S., Long, C.A., and Flinn, S. 2003. HCI and Security Systems. CHI 2003, April 5-10, 2003, Ft. Lauderdale, Florida USA. ACM 1-58113-637-4/03/0004. 1056-1057.
Viega, J., Messier, M. 2004. Security: is harder than you think. Secure Software. ACM Queue July/August 2004. 60-65.
Weirich, D., and Sasse, M.A. 2002. Pretty Good Persuasion: A First Step towards Effective Password Security in the Real World. NSPW’01, September 10-13th, 2002, Cloudcroft, New Mexico, USA. ACM 1-58113-457-6/01/0009. 137-143.