E-Prime for security: a new security paradigm

  • Authors: Steven J. Greenwald
  • Affiliations: Independent Information Security Consultant, North Miami, Florida
  • Venue: NSPW '06 Proceedings of the 2006 workshop on New security paradigms
  • Year: 2006

Abstract

This paper details a true and striking paradigm shift: the use of E-Prime for (at least) user-centered security, organizational/enterprise security policies and informal security policy modeling. In 1965, D. David Bourland, Jr. proposed E-Prime as an addition to Korzybski's General Semantics. Bourland defined E-Prime as that proper subset of the English language that omits any forms of the verb "to be." E-Prime seems desirable because two forms of the verb "to be" have structural problems with security implications that the use of E-Prime would eliminate. I first examine the rationale for E-Prime (reviewing the Sapir-Whorf hypothesis and the relevant parts of General Semantics), and then cover the basics of E-Prime. Next I examine the use of E-Prime with several "before and after" examples in the areas of user-centered security (Microsoft and ZoneAlarm software messages), organizational/enterprise security policy, and informal security policy modeling (including some examples from the U.S. Computer Security Act and the Clark-Wilson model); these examples show how E-Prime can make great improvements in eliminating bad structure and how its use can lead to an overall improvement in security. I then present some of the discussion that occurred at the New Security Paradigms Workshop. I conclude with some thoughts for other areas of promising future research, including roles and responsibilities, program management, risk management, planning and the security life cycle, assurance, disaster planning, incident handling, user awareness and training, support and operations, spam detection, security engineering, and automated E-Prime tools.