Design for Security — O'Reilly Velocity 2018

Serena Chen

June 13, 2018

Transcript

  1. Design for Security
    Serena Chen | @Sereeena | O’Reilly Velocity 2018


  3. Usability Security

  4. Good user experience
    design and good security
    cannot exist without each
    other

  5. Everyone deserves to be
    secure without being
    experts

  6. We need to stop expecting
    people to become security
    experts

  7. “I don’t care about security.”
    –Everyone not watching Mr Robot right now

  8. “Given a choice between dancing pigs
    and security, the user will pick dancing
    pigs every time.”
    –G. McGraw, E. Felten, and R. MacMichael, Securing Java: Getting Down to Business with Mobile Code. Wiley Computer Pub., 1999

  9. –Serena Chen, not allowed pets in her apartment
    “Given a choice between dancing pigs
    and security, the user will pick dancing
    pigs every time.”
    CATS
    CATS


  16. Shaming people is lazy

  17. Obligatory xkcd: https://xkcd.com/149/

  18. “I don’t care about security.”
    –Everyone not watching Mr Robot right now

  19. “I care!!!”
    –Serena Chen, lone nerd screaming into the void

  24. Design thinking is another
    tool in the problem solving
    tool belt

  26. For your consideration:
    1. Paths of Least Resistance
    2.
    3.
    4.

  27. Paths of Least Resistance

  31. To stop internet, press firmly

  33. Consider the “secure by default” principle

  36. Normalise security

  38. Group similar tasks

  39. People are lazy efficient (“lazy” struck through on the slide)

  40. Align your goals with the
    end user’s goals

  42. “I KNOW HOW TO INTERNET”

  43. “I KNOW HOW TO INTERNET”
    —Serena Chen, a Real Human Adult™


  45. Path of (Perceived) Least
    Resistance

  46. “Each false alarm reduces the credibility
    of a warning system.”
    –S. Breznitz, Cry Wolf: The Psychology of False Alarms. Lawrence Erlbaum Associates, NJ, 1984

  47. Anderson et al. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proceedings of CHI, 2015

  48. Shadow IT is a massive
    vulnerability

  52. Illustration by Megan Pendergrass

  53. Fixing bad paths
    •Use security tools for security concerns, not
    management concerns
    •If you block enough non-threats, people
    will get really good at subverting your
    security

  54. Building good paths
    •Don’t make me think!
    •Make the secure path the easiest path
    •e.g. BeyondCorp model at Google
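The “secure by default” principle (slide 33) and “make the secure path the easiest path” (slide 54) are the same idea seen from the API designer’s side: the call that takes the least effort must be the safe one. The following is an added example, not code from the talk or from Google’s BeyondCorp; it contrasts a constructed cookie helper where every protection is opt-in with one where protections are on by default and weakening them requires a named opt-out. The function and option names are assumptions chosen for illustration.

```javascript
// Added example (not from the talk): "secure by default" as an API shape.
// The insecure attributes are opt-outs that the caller must name, so the
// path of least resistance, serializeSecureByDefault(name, value), is the
// secure one.

// Constructed "before": every protective attribute is opt-in, so the
// easiest call produces the weakest cookie.
function serializeOptIn(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.secure) parts.push("Secure");
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join("; ");
}

// "After": protective attributes are on unless explicitly disabled, and the
// opt-out flags are named so the weakening is visible in code review.
function serializeSecureByDefault(name, value, opts = {}) {
  const {
    allowInsecureTransport = false, // drops Secure
    allowScriptAccess = false,      // drops HttpOnly
    sameSite = "Lax",               // "Strict" | "Lax" | "None"
    maxAgeSeconds,
    path = "/",
  } = opts;

  // Cookie names are RFC 6265 tokens; reject anything else outright.
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) {
    throw new TypeError(`invalid cookie name: ${name}`);
  }
  if (!["Strict", "Lax", "None"].includes(sameSite)) {
    throw new TypeError(`invalid SameSite value: ${sameSite}`);
  }
  // Browsers reject SameSite=None without Secure, so refuse to emit it
  // rather than silently producing a cookie that will be dropped.
  if (sameSite === "None" && allowInsecureTransport) {
    throw new Error("SameSite=None requires the Secure attribute");
  }

  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (!allowInsecureTransport) parts.push("Secure");
  if (!allowScriptAccess) parts.push("HttpOnly");
  parts.push(`SameSite=${sameSite}`);
  if (Number.isInteger(maxAgeSeconds)) parts.push(`Max-Age=${maxAgeSeconds}`);
  return parts.join("; ");
}

// Small helper so callers (and tests) can check attributes rather than
// relying on the exact string layout.
function cookieAttributes(header) {
  const [, ...attrs] = header.split("; ");
  return new Set(attrs);
}
```

With the opt-in shape, `serializeOptIn("sid", token)` yields a cookie with no Secure, HttpOnly or SameSite attribute; with the secure-by-default shape the same minimal call yields all three, and a developer who genuinely needs script access has to write `allowScriptAccess: true`, which is exactly the line a reviewer will ask about.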

  55. “We designed our tools so that the user-
    facing components are clear and easy to
    use. […] For the vast majority of users,
    BeyondCorp is completely invisible.”
    –V. M. Escobedo, F. Zyzniewski, B. (A. E.) Beyer, M. Saltonstall,
    “BeyondCorp: The User Experience”, ;login:, 2017

  57. Align your goals with the
    end user’s goals

  59. For your consideration:
    1. Paths of Least Resistance
    2. Intent
    3.
    4.

  60. Intent

  61. Tension between usability
    and security happens when
    we cannot accurately
    determine intent.

  62. “make it easy” “lock it down”

  63. It is not our job to make
    everything easy

  64. It is not our job to make
    everything locked down

  65. Our job is to make a specific action
    •that a specific user wants to take
    •at that specific time
    •in that specific place
    …easy
    Everything else we can lock down.
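Slide 65 reads as a default-deny policy: one specific user, one specific action, in a specific time window and place, is the easy path, and everything outside that is locked down. The block below is an added example, not code from the talk; it encodes one such grant and evaluates requests against it. The grant fields, the request shape, the user names, the time window and the office CIDR block are all constructed for illustration.

```javascript
// Added example (not from the talk): a default-deny check that makes exactly
// one intended action easy and denies everything else. All names and sample
// data are constructed.

// A grant names the specific user, the specific action, the time window and
// the place (here an IPv4 CIDR block) in which that action is expected.
const grants = [
  {
    user: "alice",
    action: "deploy:prod",
    notBefore: Date.parse("2018-06-13T09:00:00Z"),
    notAfter: Date.parse("2018-06-13T17:00:00Z"),
    fromCidr: "10.20.0.0/16", // constructed "office network"
  },
];

function ipv4ToInt(ip) {
  const octets = ip.split(".").map(Number);
  if (octets.length !== 4 ||
      octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new TypeError(`not an IPv4 address: ${ip}`);
  }
  return ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new TypeError(`bad prefix length in ${cidr}`);
  }
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return (ipv4ToInt(ip) & mask) === (ipv4ToInt(base) & mask);
}

// request = { user, action, at (epoch ms), ip }.
// Returns { allow, reason }. A request is allowed only when some grant
// matches on every dimension; the reason records the closest miss so the
// denial can be explained to the user instead of being a silent wall.
function decide(request, policy = grants) {
  let reason = "no grant for this user/action";
  for (const g of policy) {
    if (g.user !== request.user || g.action !== request.action) continue;
    if (request.at < g.notBefore || request.at > g.notAfter) {
      reason = "outside expected time window";
      continue;
    }
    if (!inCidr(request.ip, g.fromCidr)) {
      reason = "unexpected location";
      continue;
    }
    return { allow: true, reason: "matches intent grant" };
  }
  return { allow: false, reason };
}
```

The code is the easy part; the talk’s point is that the grant itself only exists if you have done the work of learning what the user actually intends to do, when, and from where. A grant written from management concerns rather than observed intent produces exactly the false-alarm wall the next slides warn about.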

  66. Knowing intent = usability
    and security without
    compromise

  72. For your consideration:
    1. Paths of Least Resistance
    2. Intent
    3. (Mis)communication
    4.

  73. (Mis)communication

  74. Wherever there is a
    miscommunication, there
    exists a human security
    vulnerability.

  75. What are you
    unintentionally
    miscommunicating?

  77. Wherever there is a
    miscommunication, there
    exists a human security
    vulnerability.

  82. (I didn’t actually do this)

  83. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

  84. Do your end users know what you’re trying to communicate?

  85. What is their mental model
    of what’s happening,
    compared to yours?

  87. For your consideration:
    1. Intent
    2. Path of Least Resistance
    3. (Mis)communication
    4. Mental model matching

  88. Mental models

  89. It’s the user’s expectations
    that define whether a
    system is secure or not.

  92. “A system is secure from a given user’s
    perspective if the set of actions that
    each actor can do are bounded by
    what the user believes it can do.”
    –Ka-Ping Yee, “User Interaction Design for Secure Systems”, Proc. 4th Int’l Conf. Information and Communications Security, Springer-Verlag, 2002

  93. Find their model, match to that
    +
    Influence their model, match to system

  94. Find their model
    • Go to customer sessions!
    • Observe end users
    • Infer intent through context

  95. Influence their model
    • When we make, we teach
    • Whenever someone interacts with us / a thing we made, they learn.
    • Path of least resistance becomes the default
    “way to do things”.

  96. How are we already
    influencing users’ models?

  97. iOS phish: https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking

  98. What are we teaching?

  99. “I KNOW HOW TO INTERNET”
    —Serena Chen, a Real Human Adult™

  101. Understand end user
    mental models

  103. What are your users’
    mental models?

  104. Review

  106. Takeaways
    •Cross pollination is rare. This is a missed
    opportunity!
    •Our jobs are about outcomes based on our
    specific goals
    •Align the user’s goals to your security goals

  107. Takeaways
    •Aim to know their intent
    •Collaborate with design to craft secure
    paths of least resistance
    •Understand their mental model vs yours
    •Communicate to that model

  108. One final anecdote…

  112. Thanks!
    Fight me @Sereeena