Design for Security — O'Reilly Velocity 2018

Serena Chen

June 13, 2018

Transcript

  1. Design for Security Serena Chen | @Sereeena | O’Reilly Velocity 2018
  2. !

  3. Usability Security

  4. Good user experience design and good security cannot exist without each other
  5. Everyone deserves to be secure without being experts

  6. We need to stop expecting people to become security experts

  7. “I don’t care about security.” –Everyone not watching Mr Robot right now
  8. “Given a choice between dancing pigs and security, the user will pick dancing pigs every time.” –MCGRAW, G., FELTEN, E., AND MACMICHAEL, R. Securing Java: getting down to business with mobile code. Wiley Computer Pub., 1999
  9. “Given a choice between dancing pigs and security, the user will pick dancing pigs every time.” CATS CATS –Serena Chen, not allowed pets in her apartment

  16. Shaming people is lazy

  17. Obligatory xkcd: https://xkcd.com/149/

  18. “I don’t care about security.” –Everyone not watching Mr Robot right now
  19. “I care!!!” –Serena Chen, lone nerd screaming into the void

  24. Design thinking is another tool in the problem solving tool belt
  25. For your consideration: 1. 2. 3. 4.

  26. For your consideration: 1. Paths of Least Resistance 2. 3. 4.
  27. Paths of Least Resistance

  31. To stop internet, press firmly

  33. Consider the “secure by default” principle

  36. Normalise security

  38. Group similar tasks

  39. People are lazy efficient

  40. Align your goals with the end user’s goals

  42. “I KNOW HOW TO INTERNET”

  43. “I KNOW HOW TO INTERNET” —Serena Chen, a Real Human Adult™
  44. “I KNOW HOW TO INTERNET” —Serena Chen, a Real Human Adult™
  45. Path of (Perceived) Least Resistance

  46. “Each false alarm reduces the credibility of a warning system.” –S. Breznitz and C. Wolf. The psychology of false alarms. Lawrence Erlbaum Associates, NJ, 1984
  47. Anderson et al. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proceedings of CHI, 2015
  48. Shadow IT is a massive vulnerability

  52. Illustration by Megan Pendergrass

  53. Fixing bad paths • Use security tools for security concerns, not management concerns • If you block enough non-threats, people will get really good at subverting your security
  54. Building good paths • Don’t make me think! • Make the secure path the easiest path • e.g. BeyondCorp model at Google
  55. “We designed our tools so that the user-facing components are clear and easy to use. […] For the vast majority of users, BeyondCorp is completely invisible.” –V. M. Escobedo, F. Zyzniewski, B. (A. E.) Beyer, M. Saltonstall, “BeyondCorp: The User Experience”, Login, 2017
  57. Align your goals with the end user’s goals

  58. For your consideration: 1. Paths of Least Resistance 2. 3. 4.
  59. For your consideration: 1. Paths of Least Resistance 2. Intent 3. 4.
  60. Intent

  61. Tension between usability and security happens when we cannot accurately determine intent.
  62. “make it easy” “lock it down”

  63. It is not our job to make everything easy

  64. It is not our job to make everything locked down

  65. Our job is to make a specific action • that a specific user wants to take • at that specific time • in that specific place …easy. Everything else we can lock down.
  66. Knowing intent = usability and security without compromise

  71. For your consideration: 1. Paths of Least Resistance 2. Intent 3. 4.
  72. For your consideration: 1. Paths of Least Resistance 2. Intent 3. (Mis)communication 4.
  73. (Mis)communication

  74. Wherever there is a miscommunication, there exists a human security vulnerability.
  75. What are you unintentionally miscommunicating?

  77. Wherever there is a miscommunication, there exists a human security vulnerability.
  82. (I didn’t actually do this)

  83. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

  84. Do your end users know what you’re trying to communicate?
  85. What is their mental model of what’s happening, compared to yours?
  86. For your consideration: 1. Intent 2. Path of Least Resistance 3. (Mis)communication 4.
  87. For your consideration: 1. Intent 2. Path of Least Resistance 3. (Mis)communication 4. Mental model matching
  88. Mental models

  89. It’s the user’s expectations that define whether a system is secure or not.
  92. “A system is secure from a given user’s perspective if the set of actions that each actor can do are bounded by what the user believes it can do.” –Ka-Ping Yee, “User Interaction Design for Secure Systems”, Proc. 4th Int’l Conf. Information and Communications Security, Springer-Verlag, 2002
  93. Find their model, match to that + Influence their model, match to system
  94. Find their model • Go to customer sessions! • Observe end users • Infer intent through context
  95. Influence their model • When we make, we teach • Whenever someone interacts with us / a thing we made, they learn. • Path of least resistance becomes the default “way to do things”.
  96. How are we already influencing users’ models?

  97. https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking iOS Phish

  98. What are we teaching?

  99. “I KNOW HOW TO INTERNET” —Serena Chen, a Real Human Adult™
  101. Understand end user mental models

  103. What are your users’ mental models?

  104. Review

  106. Takeaways • Cross pollination is rare. This is a missed opportunity! • Our jobs are about outcomes based on our specific goals • Align the user’s goals to your security goals
  107. Takeaways • Aim to know their intent • Collaborate with design to craft secure paths of least resistance • Understand their mental model vs yours • Communicate to that model
  108. One final anecdote…

  112. Thanks! Fight me @Sereeena