Many secure systems rely on a "human in the loop" to perform security-critical functions. However, humans often fail in their security roles. Whenever possible, secure system designers should find ways of keeping humans out of the loop. However, there are some tasks for which feasible or cost-effective alternatives to humans are not available. In these cases, secure system designers should engineer their systems to support the humans in the loop and maximize their chances of performing their security-critical functions successfully. We propose a framework for reasoning about the human in the loop that provides a systematic approach to identifying potential causes of human failure. This framework can be used by system designers to identify problem areas before a system is built and to proactively address deficiencies. System operators can also use this framework to analyze the root cause of security failures that have been attributed to "human error." We provide examples to illustrate the applicability of this framework to a variety of secure systems design problems, including anti-phishing warnings and password policies.