Security and Usability: Designing Secure Systems That People Can Use

Index

Salvaneschi, Paolo

sanitization

     cryptographic approach to

     standards, U.S. Department of Defense

     usability and

SANS (SysAdmin, Audit, Network, Security)

Sasse, M. Angela 2nd

Save As command, overwriting files

Schneier's Security Processes Framework

search tools, file access security

Secure Empty Trash command (Macintosh), replacing with Shred Trash command

secure interaction design

     authority management

     browsers

     conflict between security/usability

     design guidelines

         authorization

         communications

     design strategies

     implementations of

     iterative design

     privacy, designing for

Secure Sockets Layer (SSL)

SecureID

security

     as collaborative effort

     authentication and

         environmental considerations

         online banking example

     breaches in business sector

     by admonition

     by designation

         file access, securing

     challenge questions systems and

     collaborative applications, embedding in

     complexity and

     contextual design

     cookies, managing

     credentials, using challenge questions to recover

     culture 2nd 3rd 4th

         ethnographic studies

     graphical passwords, evaluating

     image problem

     memorability and, tradeoff in password selection

     on desktops 2nd

     problematic properties of

     retrofitting usable, inability to

     supporting task

     user knowledge

security administration

     attack analysis

     case studies

     collaboration as requirement of

     system checkups

     tools

security administrators 2nd

     activity reuse in information processing, need for

     attacks, analysis of

     checkups, performing

     education of

     environment, required knowledge of

     Groove Virtual Office and

     instructing users about password selection

     profiles of

     schedules, staggering

     time as crucial factor

     workload increases

security and privacy

     applications

         usability design/evaluation for

     applications, complexity of

     balancing

     biometric authentication systems

     differences between

     frameworks

         Schneier's Security Processes Framework

     HCI methods/usability in

     solutions, updating

     Web

security and usability, balancing 2nd

     authentication design

     disposable cell phones

     graphical passwords, evaluating 2nd

     Groove Virtual Office

     Mozilla FireFox

     passwords

         removing unnecessary restrictions

     physical locations, exploiting differences

     sanitization systems

     secure interaction design

         authority management

         checklist

         iterative design

         mental models

         security by admonition

         security by designation

     sources of conflict

     users

         attackers and, exploiting differences

         partnership with

security mechanisms

     complementary, challenge questions systems

     constraints on

     context of

     environmental influences

     overprotection

     tasks, varying with

     testing

     unreasonably burdensome

     users and

         compliance enforcement

         perceptions

         resistance 2nd 3rd

         training

     users compromising

         remedial prevention measures

security performance

     biometric authentication mechanisms

     monitoring

security policies 2nd

     academic environments

     expression of

     methods of establishing constraints

     users circumventing 2nd

security systems

     AEGIS methodology for creating

     authentication

     biometrically based

     creating usable

     design, minimizing user effort

     production of, recommendations

     psychological acceptability

     stakeholders, benefits of involving

     trust relationships

selecting

     authentication mechanisms

semantics, phishing attacks and

Service Pack 2, Windows XP

session logs, examining

shoulder-surfing attacks

     challenge questions systems

shred command (Linux), secure file deletion

Shred Trash command (Macintosh), replacing Empty Trash/Secure Empty Trash commands with

signature verification, biometric authentication

Slammer worm

smart cards 2nd 3rd 4th 5th

     cryptography and

     for paying tolls, balancing privacy and security

     OTP tokens

     public and private keys

     recommendations

     usability study of

         aim/scope of study

         context/roles definition

         measurement apparatus

         results/interpretation

         user selection

Smetters, Diana

sniffing attacks

Sobig virus

social

     approach to privacy management

     capital

     engineering, phishing attacks and

     navigation

sociotechnical

     gap, user-centered controls on privacy mechanisms

     systems

         privacy and

soft trust

software

     add-on, sanitization techniques

     features, classifying

     life cycle

     privacy

         recommendations for developers

     remote installation, Microsoft Internet Explorer

     requirements, authentication accessibility

     uninstalling, lack of revocability and

Solaris, trusted stripe

spammers

speaker verification, biometrics authentication

SpoofGuard, case study

spyware 2nd 3rd

     exploiting poor software design

Spyware Eliminator

SQLSnake/Spida worm 2nd

ssh

SSL (Secure Sockets Layer)

support calls, data analysis of

Symantec AntiVirus

symmetric key cryptography

SysAdmin, Audit, Network, Security (SANS)

system lockout feature, challenge questions systems
