Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Secure software updates: disappointments and new challenges
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Turtles all the way down: research challenges in user-based attestation
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
SOMA: mutual approval for included content in web pages
Proceedings of the 15th ACM conference on Computer and communications security
A look in the mirror: attacks on package managers
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 2008 workshop on New security paradigms
Dynamics of a Trusted Platform: A Building Block Approach
Dynamics of a Trusted Platform: A Building Block Approach
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Multiple password interference in text passwords and click-based graphical passwords
Proceedings of the 16th ACM conference on Computer and communications security
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Bootstrapping Trust in Commodity Computers
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
On the Incoherencies in Web Browser Access Control Policies
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Proceedings of the 17th ACM conference on Computer and communications security
A control point for reducing root abuse of file-system privileges
Proceedings of the 17th ACM conference on Computer and communications security
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Securing script-based extensibility in web browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
| Hi-index | 0.00 |
Scalable trusted computing seeks to apply and extend the fundamental technologies of trusted computing to large-scale systems. To provide the functionality demanded by users, bootstrapping a trusted platform is but the first of many steps in a complex, evolving mesh of components. The bigger picture involves building up many additional layers to allow computing and communication across large-scale systems, while delivering a system retaining some hint of the original trust goal. Not to be lost in the shuffle is the most important element: the system's human users. Unlike 40 years ago, they cannot all be assumed to be computer experts, under the employ of government agencies which provide rigorous and regular training, always on tightly controlled hardware and software platforms. It seems obvious that the design of scalable trusted computing systems necessarily must involve, as an immutable design constraint, realistic expectations of the actions and capabilities of normal human users. Experience shows otherwise. The security community does not have a strong track record of learning from user studies, nor of acknowledging that it is generally impossible to predict the actions of ordinary users other than by observing (e.g., through user experience studies) the actions such users actually take in the precise target conditions. We assert that because the design of scalable trusted computing systems spans the full spectrum from hardware to software to human users, experts in all these areas are essential to the end-goal of scalable trusted computing.