Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Design for Security — O'Reilly Velocity 2018

Serena Chen
June 13, 2018
Technology
2
380

Design for Security — O'Reilly Velocity 2018

Serena Chen

June 13, 2018
Tweet

More Decks by Serena Chen

See All by Serena Chen
Like Share and Subscribe: Effective Communication of Security Advice
heisenburger
0
88
Design for Security — Web Directions Summit 2019
heisenburger
0
160
purplecon — like, comment and subscribe: effective communication of security advice
heisenburger
0
230
Design for Security — BSides Wellington 2017
heisenburger
1
440
The Ideal Styling Language — CSSConfAu 2016
heisenburger
2
180
Intro to Design and UX — The Good Bits
heisenburger
0
290

Other Decks in Technology

See All in Technology
web-application-security
matsuihidetoshi
0
180
Cracking the KubeCon CfP
inductor
2
250
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
370
On Your Data を超えていく!
hirotomotaguchi
2
700
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
260
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
550
MixIT 2024 - Pulumi : Gérer son infra avec son langage de programmation préféré
ju_hnny5
0
100
Building a RAG-powered AI chat app with Python and VS Code
pamelafox
0
110
The AI Revolution Will Not Be Monopolized: Behind the scenes
inesmontani
PRO
0
110
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
170
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
220
Terraformあれやこれ/terraform-this-and-that
emiki
8
1.5k

Featured

See All Featured
Agile that works and the tools we love
rasmusluckow
325
20k
How STYLIGHT went responsive
nonsquared
92
4.8k
Automating Front-end Workflow
addyosmani
1356
200k
Product Roadmaps are Hard
iamctodd
44
9.7k
Thoughts on Productivity
jonyablonski
58
3.8k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Testing 201, or: Great Expectations
jmmastey
28
6.4k
Designing the Hi-DPI Web
ddemaree
276
33k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Bash Introduction
62gerente
604
210k
Producing Creativity
orderedlist
PRO
337
39k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k

Transcript

  1. Design for Security Serena Chen | @Sereeena | O’Reilly Velocity

    2018

  2. !

  3. Usability Security

  4. Good user experience design and good security cannot exist without

    each other

  5. Everyone deserves to be secure without being experts

  6. We need to stop expecting people to become security experts

  7. –Everyone not watching Mr Robot right now “I don’t care

    about security.”

  8. –MCGRAW, G., FELTEN, E., AND MACMICHAEL, R. 
 Securing Java:

    getting down to business with mobile code. Wiley Computer Pub., 1999 “Given a choice between dancing pigs and security, the user will pick dancing pigs every time.”

  9. –Serena Chen, not allowed pets in her apartment “Given a

    choice between dancing pigs and security, the user will pick dancing pigs every time.” CATS CATS
  10. None
  11. None
  12. None
  13. None
  14. None

  15. "

  16. Shaming people is lazy

  17. Obligatory xkcd: https://xkcd.com/149/

  18. –Everyone not watching Mr Robot right now “I don’t care

    about security.”

  19. –Serena Chen, lone nerd screaming into the void “I care!!!”

  20. None
  21. None
  22. None
  23. None

  24. Design thinking is another tool in the problem solving tool

    belt

  25. For your consideration: 1. 2. 3. 4.

  26. For your consideration: 1. Paths of Least Resistance 2. 3.

    4.

  27. Paths of Least Resistance

  28. None
  29. None
  30. None

  31. To stop internet, press firmly

  32. None

  33. Consider the 
 “secure by default” principle

  34. None
  35. None

  36. Normalise security

  37. None

  38. Group similar tasks

  39. People are lazy efficient

  40. Align your goals with the end user’s goals

  41. None

  42. “I KNOW HOW TO INTERNET”

  43. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real

    Human Adult™

  44. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real

    Human Adult™

  45. Path of (Perceived) Least Resistance

  46. –S. Breznitz and C. Wolf. The psychology of false alarms.

    
 Lawrence Erbaum Associates, NJ, 1984 “Each false alarm reduces the credibility of a warning system.”

  47. Anderson et al. How polymorphic warnings reduce habituation in the

    brain: Insights from an fMRI study. In Proceedings of CHI, 2015

  48. Shadow IT is a massive vulnerability

  49. None
  50. None
  51. None

  52. Illustration by Megan Pendergrass

  53. Fixing bad paths •Use security tools for security concerns, not

    management concerns •If you block enough non-threats, people will get really good at subverting your security

  54. Building good paths •Don’t make me think! •Make the secure

    path the easiest path •e.g. BeyondCorp model at Google

  55. “We designed our tools so that the user- facing components

    are clear and easy to use. […] For the vast majority of users, BeyondCorp is completely invisible. –V. M. Escobedo, F. Zyzniewski, B. (A. E.) Beyer, M. Saltonstall, “BeyondCorp: The User Experience”, Login, 2017
  56. None

  57. Align your goals with the end user’s goals

  58. For your consideration: 1. Paths of Least Resistance 2. 3.

    4.

  59. For your consideration: 1. Paths of Least Resistance 2. Intent

    3. 4.

  60. Intent

  61. Tension between usability and security happens when we cannot accurately

    determine intent.

  62. “make it easy” “lock it down”

  63. It is not our job to make everything easy

  64. It is not our job to make everything locked down

  65. Our job is to make a specific action •that a

    specific user wants to take •at that specific time •in that specific place …easy Everything else we can lock down.

  66. Knowing intent = usability and security without compromise

  67. None
  68. None
  69. None
  70. None

  71. For your consideration: 1. Paths of Least Resistance 2. Intent

    3. 4.

  72. For your consideration: 1. Paths of Least Resistance 2. Intent

    3. (Mis)communication 4.

  73. (Mis)communication

  74. Wherever there is a miscommunication, there exists a human security

    vulnerability.

  75. What are you unintentionally miscommunicating?

  76. None

  77. Wherever there is a miscommunication, there exists a human security

    vulnerability.
  78. None
  79. None
  80. None
  81. None

  82. (I didn’t actually do this)

  83. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

  84. Do your end users know 
 what you’re trying to

    communicate?

  85. What is their mental model of what’s happening, compared to

    yours?

  86. For your consideration: 1. Intent 2. Path of Least Resistance

    3. (Mis)communication 4.

  87. For your consideration: 1. Intent 2. Path of Least Resistance

    3. (Mis)communication 4. Mental model matching

  88. Mental models

  89. It’s the user’s expectations that define whether a system is

    secure or not.
  90. None
  91. None

  92. –Ka-Ping Yee, “User Interaction Design for Secure Systems”, 
 Proc.

    4th Int’l Conf. Information and Communications Security, Springer-Verlag, 2002 “A system is secure from a given user’s perspective if the set of actions that each actor can do are bounded by what the user believes it can do.”

  93. Find their model, match to that Influence their model, match

    to system +

  94. Find their model • Go to customer sessions! • Observe

    end users • Infer intent through context

  95. Influence their model • When we make, we teach •

    Whenever someone interacts with us / 
 a thing we made, they learn. • Path of least resistance becomes the default “way to do things”.

  96. How are we already influencing users’ models?

  97. https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking iOS Phish

  98. What are we teaching?

  99. “I KNOW HOW TO INTERNET” —Serena Chen, 
 a Real

    Human Adult™
  100. None

  101. Understand end user mental models

  102. None

  103. What are your users’ mental models?

  104. Review

  105. None

  106. Takeaways •Cross pollination is rare. This is a missed opportunity!

    •Our jobs are about outcomes based on our specific goals •Align the user’s goals to your security goals

  107. Takeaways •Aim to know their intent •Collaborate with design to

    craft secure paths of least resistance •Understand their mental model vs yours •Communicate to that model

  108. One final anecdote…

  109. None
  110. None
  111. None

  112. Thanks! Fight me @Sereeena