End-users are often perceived as the weakest link in information security. Because of this perception, a growing body of research and commercial activity is focused on automated approaches to security. With these approaches, security decisions are removed from the hands of the users, and are placed instead in systems themselves, or in remote services or organizations that establish policies that are automatically enforced. We contend that although security automation is potentially beneficial in theory, in practice it is not a panacea for end-user information security. A number of technical and social factors militate against the acceptance and efficacy of automated end-user security solutions in many cases. In this paper, we present a discussion of the inherent limitations of automating security for end-users. We then discuss a set of design guidelines for choosing whether to automate end-user security systems. We conclude with a set of research directions focused on increasing the acceptance and efficacy of security solutions for end-users.