The human factor has long been recognized as the weakest link in computer systems security, yet nothing technically significant has been done to address this problem in an attack-agnostic manner. In this paper, we introduce the mantra of "The User is the Enemy" for security designers and developers alike as an underlying current towards addressing the weak human factor. We present different notions of the user and the system and argue from parallel tracks that user actions, both ignorant and non-compliant, are detrimental to the organization. We further show how the paradigm has been applied in a rather unconscious manner and contend that security mechanisms born out of a conscious application will be more effective in addressing this systemic problem. Our position is not meant to be a cynical attitude towards users; rather, it is meant to be the focal point of the security design attitude, similar to the mantra "All user input is evil" for addressing buffer overflow attacks.