Security and Usability: Designing Secure Systems That People Can Use

Index

A P3P Preference Exchange Language (APPEL)

ability, trustworthiness and

abundance, authentication security

access control, on World Wide Web

accessibility of authentication mechanisms 2nd

     disabled users

         biometric authentication

     environmental considerations

     hardware/software requirements

     online banking example

Ackerman, Mark S.

active storage

ActiveX dialogs, Windows XP

Acumen

     anti-gaming techniques

     architecture

     deploying

     technological evaluation

     users

         awareness/motivation of

         educating

         needs, evaluating

Adage project

Adams, Anne

adaptive systems, interface design

AdAware

add-on software, sanitization techniques

admonition, security by

adware

AEGIS (Appropriate and Effective Guidance for Information Security)

agreement, informed consent model

Ambient Intelligence (AmI)

ambiguous disclosure

AmI (Ambient Intelligence)

Anderson, Ross

anonymity sets

anonymizing networks 2nd

     case studies of

anti-gaming, gaming and

Anti-Phishing Working Group (APWG)

antiphishing tools

AntiVirus (Symantec)

AOL (America Online), message system defense against phishing attacks

APPEL (P3P Preference Exchange Language)

applicability, challenge question systems

applications

     collaborative, embedding security in

     distributed/collaborative, user awareness

     for keystroke biometrics

     malware and

applications, developing

     design

     design/development phases

     postrelease phase

     privacy policy management tool, usability case study

         policy authoring, evaluating

         privacy needs, identifying

         prototypes, designing/evaluating

         users, interviewing

     privacy software developers, advice for 2nd

     Problem Severity Classification Matrix

     requirements phase

     secure software architecture

     security application, usability case study

         interface, testing

         ROI analysis

         work context, field study of

     trusted services

Appropriate and Effective Guidance for Information Security (AEGIS)

APWG (Anti-Phishing Working Group)

ARPANET

Asthagiri, Nimisha

at sign (@) in URLs

ATMs (automatic teller machines)

     biometric authentication

         keystroke biometrics

     two-factor authentication example

attachments, email

     malware

     self-propagating

attacks 2nd

     adware

     analysis of, case study

     auditing as means of minimizing

     brute force 2nd

     cracking

     dictionary 2nd

     email viruses

     environment and

     gaming

     graphical passwords, vulnerability of

     honeypots, attracting with

     information management and

     Internet viruses/worms

     malware

     man-in-the-middle

     network intrusion alerts, case study

     password hardening and

     phishing 2nd 3rd

         anatomy of, eBay example

         as semantic attacks

         defenses

         identification cues

         PKI and

         success of, MailFrontier study

         techniques

         trust exploitation

         user interface, fighting at

     research-based

     rootkits

     shoulder-surfing

         challenge question systems

     sniffing

     Trojan horses

     viruses

         Windows, exploiting design flaws in

     words/numbers in passwords, using permutations of

     worms

authentication 2nd

     accessibility barriers 2nd

         hardware/software requirements

     balanced design

     environmental considerations 2nd

     login attempts, increasing number of

     process, steps in

     time required

         challenge questions

         passwords

     token-based 2nd

     two-factor

     user-centered

         biometrics

authentication keys 2nd 3rd

     confidentiality

     distributing

     forced renewal

     generating, passwords and 2nd 3rd

     knowledge-based

     meaningfulness of

     predictability of

authentication mechanisms

     biometric 2nd 3rd 4th

         accessibility factors

         applications for 2nd

         ATMs

         enrolling users

         evaluating

         fingerprint systems

         flaws in

         key predictability

         keystroke systems

         memorability of

         outlier accommodation

         performance of

         portable devices

         privacy/security issues

         time factor

         user acceptance of

         user accommodation

     designing with challenge questions

     evaluating

     handheld devices

     human factors

     knowledge-based 2nd

     memometric 2nd

     selecting

     token-based, accessibility factors

     two-factor

authentication, challenge questions-based

     answers, types of

     credential recovery

     current practice, examples

     questions, types of

     time required

authorization, authentication process

     secure interaction design

automatic patching, psychological acceptability and

awareness of users

     distributed/collaborative applications

     information disclosure and

     privacy management

     privacy-protective behaviors

     web security, Bugnosis and

awareness tools
