1 / 98

ITIS 6010/8010 Privacy and Security: an HCI Perspective

ITIS 6010/8010 Privacy and Security: an HCI Perspective. Dr. Heather Richter Lipford richter@uncc.edu. Unusable security & privacy. Unpatched Windows machines compromised in minutes Phishing web sites increasing by 28% each month Most PCs infected with spyware (avg. = 25)

hectore
Télécharger la présentation

ITIS 6010/8010 Privacy and Security: an HCI Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITIS 6010/8010Privacy and Security:an HCI Perspective Dr. Heather Richter Lipford richter@uncc.edu

  2. Unusable security & privacy • Unpatched Windows machines compromised in minutes • Phishing web sites increasing by 28% each month • Most PCs infected with spyware (avg. = 25) • Users have more passwords than they can remember and practice poor password security • Enterprises store confidential information on laptops and mobile devices that are frequently lost or stolen Slides from Lorrie Cranor, CMU

  3. What’s the problem? • Why can’t security “just work?” • How many of you have… • had a virus? • spyware or malware? • trouble with spam? • dad private information stolen? • known someone who fell for phishing?

  4. security/privacy researchers and system developers human computer interaction researchers and usability professionals

  5. Grand Challenge “Give end-users security controls they can understandand privacy they can control forthe dynamic, pervasive computing environments of the future.” - Computing Research Association 2003

  6. Agenda • Course Overview • Introductions & discussion • HCI Overview • Ethics

  7. Course Information • Book • Security and Usability, eds. Cranor & Garfinkel • Web • http://www.sis.uncc.edu/~richter/classes/2007/6010/index.html • Overview • Grading and Policies • Syllabus and Lectures • Assignments • Swiki

  8. Course Information • Grading • Class Participation: 10 points • Reading summaries and assignments: 20 points • Exam: 20 points • Class project: 50 points • 8010 only • Research topic: 20 points

  9. Reading summaries • One paragraph per chapter or paper • Summarizing important points of that reading • One question or discussion point • Post on Swiki by 6pm Tuesday

  10. Group project • 3-4 people per group • Preliminary user study of privacy or security application, mechanism, or concerns • Deliverables: • Idea • Initial plan 5 points • Plan 20 points • Report 20 points • Presentation 5 points

  11. Project Ideas • Start with a question or problem… • Why don’t more people encrypt their emails? • How well does product X work for task Y? • What personal information do people expect to be protected? • Flip through chapters in the book & papers • Follow up on existing study • Examine your own product/research/idea • Examine something you currently find frustrating, interesting, etc.

  12. Course Aims • Consciousness raising • Make you aware of HCI issues related to privacy and security • Learn some existing HCI results pertaining to privacy and security solutions • Design critic • Recognize & question bad HCI design in privacy and security • Improve your HCI design & evaluation skills in the domain of privacy and security

  13. Course Overview • HCI Overview • Process, methods • Usability studies • Privacy & Security overview • Issues relating to • Authentication • Secure communication • Semantic attacks • Web privacy and security • Mobile and ubiquitous computing • Security administrators

  14. How to do well • Time and effort • Do the reading and prepare for class • Attend class and participate • Spend time on project • Attention to detail • Communication • Tell me what you learned and why you made decisions

  15. Introductions –Dr. Heather Richter Lipford • Ph.D. in C.S. from Georgia Tech in May 2005 • HCI, Ubiquitous Computing, and Software Engineering focus • Contact info: • richter@uncc.edu (preferred) • 704-687-8376 • Office: 305E Woodward • Office Hours: • Thursday 5-6pm • By appointment

  16. Introductions – my recent project • Sharing and privacy in online social networking communities (Facebook) • 10s of millions of users of such sites • Concern over making too much information publicly available • Little privacy usage on these sites • How can we allow users to safely share information and still maintain desired levels of privacy?

  17. Introductions – Your Turn • Name, student status, specialization • Previous HCI/interface experience? • Previous security/privacy experience? • What you hope to get from this course?

  18. First discussion • Worst system you’ve had to interact with? • What factors made it hard to use?

  19. Discussion, cont. • What is an example of a good UI? • What makes it good?

  20. How do users stay safe online?

  21. POP!

  22. Discussion, cont. • What are applications/UIs that you have used related to security and privacy? • What are your experiences (good & bad) in using them?

  23. Secondary task After installing all that privacy and security software… …do you have any time left to get work done?

  24. Human Computer Interaction HCI in a nutshell… or as much as can fit in 80 minutes.

  25. Human-Computer Interaction (HCI) • Human • the end-user of a program • the others in the organization • Computer • the machine the program runs on • clients & servers, PDAs, cars, microwaves • Interaction • the user tells the computer what they want (input) • the computer communicates results (output) Slides from Jason Hong, CMU

  26. HCI • Basic definition: • The interaction and interface between a human and a computer performing a task • What tasks? Write a document, calculate monthly budget, learn about places to live in Charlotte, drive home… • Tasks might be work, play, learning, communicating, etc. etc. • Is security one of these tasks?

  27. Why is HCI Important? • Major part of work for “real” programs (~50%) • Bad user interfaces cost: • money (reduced profits, call centers) • WiFi Alliance: 30% of WiFi boxes returned • reputation of organization (e.g., brand loyalty) • time (wasted effort and energy by users, rework) • lives (Therac-25)

  28. Why is HCI Important? • Privacy and Security • phishing scams • accidental disclosures (ex. location info, cookies) • difficulty diagnosing the situation (intrusion detection) • intentionally circumventing security mechanisms

  29. Famous Quotations “It is easy to make things hard. It is hard to make things easy.” – Al Chapanis, 1982 • User interfaces hard to get right • People are unpredictable, difficult to deeply analyze • Intuition of designers often wrong • Cost or features may be considered over human factors • Creativity is challenging!

  30. Usability • Important issue • Combination of • Ease of learning • High speed of user task performance • Low user error rate • Subjective user satisfaction • User retention over time

  31. UI Design / Develop Process • User-Centered Design • Analyze user’s goals & tasks • Create design alternatives • Prototype • Evaluate • Refine • IMPLEMENT

  32. Another take on process scenariostask analysis what iswanted guidelines principles analysis interviews what is there vs. what is wanted precisespecification design dialoguenotations implement and deploy evaluation heuristics prototype architectures documentation help

  33. What is wanted: Requirements • User & environmental characteristics • Task analysis • Desired features and goals • Usability goals, success criteria

  34. Know Thy Users! • Physical & cognitive abilities (& special needs) • Personality & culture • Knowledge & skills • Motivation • Two Fatal Mistakes: • Assume all users are alike • Assume all users are like the designer

  35. Finding out about users and their needs • Learn about people • Psychology, sociology, HCI research • General understanding of human capabilities and behaviors • Observe them • Watch them doing relevant tasks • Talk to them • Interviews & Focus groups • Questionnaire (survey) • Read about them • manuals, other products, your own previous products

  36. Describing users: Persona

  37. Can’t we just ask users what they want? • Not familiar with what is possible with technology • Not familiar with design constraints • Budget, legacy code, time, etc • Not familiar with good design • Not familiar with security and privacy • Sometimes users don’t know what they want • Ex. Remote controls • Not able to understand assumptions behind their own behavior • So we need to do deeper analysis…

  38. Task Analysis • Process of analyzing and documenting how people perform their jobs or activities • Task-subtask decomposition • Focus on: • Activities • Artifacts • Relations • Conditions and outcomes of tasks

  39. Describing tasks: Scenarios Its Friday afternoon and John just got paid. He wants to deposit his check immediately so he can pay his rent. He stops at one branch of his bank on the way home from work. He waits in his car while another person finishes using the ATM in front of the bank since it is drizzling outside. He walks up to the ATM to deposit his check. Only, as he is about to put the check into the envelope at the ATM, he realizes that he has not signed the back of it, and he has no pen and can not find one on or near the ATM machine. He cancels the transaction on the ATM, and enters the bank, which luckily is still open for 5 more minutes. He goes to the counter, finds a pen, and signs his check. He also fills out a deposit slip. He then waits to see a teller in person to deposit his check, and get money for the weekend.

  40. Usability Requirements • Usability goals: such as learnability, consistency, robustness, etc. • Ways to measure and judge success • Time to complete key tasks - min, max • Time to become proficient - do given set of tasks in given time • Subjective satisfaction

  41. In-class example • Firewall product for a home with multiple computers on one wireless network. • User characteristics • Environmental characteristis (physical, technical, social) • Tasks involved • Usability criteria

  42. The process scenariostask analysis what iswanted guidelines principles analysis interviews what is there vs. what is wanted precisespecification design dialoguenotations implement and deploy evaluation heuristics prototype architectures documentation help

  43. What is design? Achieving goals within constraints • A design is a simplified representation of the desired artifact • text description of tasks • screen sketches or storyboards • flow diagrams / outline showingtask structure • executable prototypes

  44. Four Myths about Good Design • Myth 1: Only experts create good designs • experts faster, simple and effective techniques anyone can apply • Myth 2: We can fix the user interface at the end • good design is more than just user interface • having right features, building those features right • Myth 3: Good design takes too long / costs too much • simple and effective techniques that can reduce total development time & cost (finds problems early on) • Myth 4: Good design is just cool graphics • graphics part of bigger picture of what to communicate & how

  45. Design Guidelines & Principles • Conceptual models • Affordances • Visibility • Mapping • Feedback • Constraints

  46. Conceptual Models • Mental representation of how object works and how interface controls affect it • People may have preconceived models that are hard to change • (4 + 5) vs. (4 5 +) • dragging to trash? • delete file but eject disk • Designer can help user foster an appropriate conceptual model • Appearance, instructions, behavior...

  47. Refrigerator freezer Problem: freezer too cold, but fresh food just right fresh food

  48. 7 6 5 4 3 A B C D E Refrigerator Controls Normal Settings C and 5 Colder Fresh Food C and 6-7 Coldest Fresh Food B and 8-9 Colder Freezer D and 7-8 Warmer Fresh Food C and 4-1 OFF (both)0 What is your conceptual model?

  49. 7 6 5 4 3 A B C D E A Common Conceptual Model independent controls cooling unit cooling unit

  50. 7 6 5 4 3 A B C D E Actual Conceptual Model • Now can you fix the problem? • Possible solutions • make controls map to user’s model • make controls map to actual system cooling unit

More Related