TOWARD BETTER USABILITY, SECURITY, AND PRIVACY OF INFORMATION TECHNOLOGY
REPORT OF A WORKSHOP
NATIONAL RESEARCH COUNCIL
OF THE NATIONAL ACADEMIES
THE NATIONAL ACADEMIES PRESS
Washington, D.C.
www.nap.edu
THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W.
Washington, DC 20001
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.
This project was supported by the National Science Foundation under Grant No. CNS-0841126 and the National Institute of Standards and Technology under Grant No. 70NANB8H8126. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the view of the organizations or agencies that provided support for this project.
International Standard Book Number-13: 978-0-309-16090-2
International Standard Book Number-10: 0-309-16090-1
Copies of this report are available from:
The National Academies Press
500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242; (202) 334-3313 (in the Washington metropolitan area); Internet: http://www.nap.edu
Copyright 2010 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
THE NATIONAL ACADEMIES
Advisers to the Nation on Science, Engineering, and Medicine
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council.
STEERING COMMITTEE ON THE USABILITY, SECURITY, AND PRIVACY OF COMPUTER SYSTEMS
NICHOLAS ECONOMIDES, New York University, Chair
LORRIE FAITH CRANOR, Carnegie Mellon University
JAMES D. FOLEY, Georgia Institute of Technology
SIMSON L. GARFINKEL, Naval Postgraduate School
BUTLER W. LAMPSON, Microsoft Corporation
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DONALD A. NORMAN, Northwestern University
CHARLES P. PFLEEGER, Pfleeger Consulting Group
Staff
JON EISENBERG, Director, Computer Science and Telecommunications Board
NANCY GILLIS, Program Officer (through January 2010)
SHENAE BRADLEY, Senior Program Assistant
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
ROBERT F. SPROULL, Oracle Corporation, Chair
PRITHVIRAJ BANERJEE, Hewlett-Packard Company
STEVEN M. BELLOVIN, Columbia University
SEYMOUR E. GOODMAN, Georgia Institute of Technology
JOHN E. KELLY III, IBM
JON M. KLEINBERG, Cornell University
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Radcliffe Institute for Advanced Study
DAVID E. LIDDLE, US Venture Partners
WILLIAM H. PRESS, University of Texas, Austin
PRABHAKAR RAGHAVAN, Yahoo! Labs
DAVID E. SHAW, D.E. Shaw Research
ALFRED Z. SPECTOR, Google, Inc.
JOHN A. SWAINSON, Silver Lake
PETER SZOLOVITS, Massachusetts Institute of Technology
PETER J. WEINBERGER, Google, Inc.
ERNEST J. WILSON, University of Southern California
Staff
JON EISENBERG, Director
VIRGINIA BACON TALATI, Associate Program Officer
SHENAE BRADLEY, Senior Program Assistant
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
EMILY ANN MEYER, Program Officer
LYNETTE I. MILLETT, Senior Program Officer
ERIC WHITAKER, Senior Program Assistant
ENITA A. WILLIAMS, Associate Program Officer
For more information on CSTB, see its website at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
Preface
Usability has emerged as a significant issue in ensuring the security and privacy of computer systems. More-usable security can help avoid the inadvertent (or even deliberate) undermining of security by users. Indeed, without sufficient usability to accomplish tasks efficiently and with less effort, users will often tend to bypass security features. A small but growing community of researchers, with roots in such fields as human-computer interaction, psychology, and computer security, has been conducting research in this area.
With sponsorship from the National Science Foundation and the National Institute of Standards and Technology, the National Research Council’s Computer Science and Telecommunications Board conducted a 2-day workshop in July 2009 to identify promising research directions that would help advance usability, security, and privacy. It was also intended that the workshop would build awareness—in the research community as well as in federal agencies and the broader technical community responsible for the design, development, and deployment of information systems—of the challenges at the nexus of usability and security/privacy, the trade-offs that exist today, and the opportunities for making advances. A single workshop of this sort cannot be comprehensive; indeed, important topics such as the special usability considerations faced by those with impairments were not covered.
The Steering Committee on the Usability, Security, and Privacy of Computer Systems was convened to plan the workshop (biosketches of the steering committee members can be found in Appendix C). The workshop was designed to identify research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security and privacy, and vice versa (the formal statement of task appears in Box P.1).
BOX P.1 Statement of Task
An ad hoc committee will plan and conduct a public workshop on ways to advance the usability, security, and privacy of computer systems. The workshop will feature invited presentations and discussions on the state-of-the-art in usability, security, and privacy and how usability contributes to security and privacy. The agenda should include topics on ways to mutually advance objectives in usability and security/privacy especially in cases that replace trade-offs (e.g., between usability and security) with win-win scenarios. It should also include topics on research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security, privacy and vice versa. A report of the workshop will be issued.
This report summarizes the workshop. As a workshop report, it does not necessarily reflect the consensus views of the committee or the workshop participants, and the committee was not asked to provide findings or recommendations.
The workshop was structured to gather suggestions from experts on computer security, privacy, and usability, as well as from economists and sociologists on new research topics within the intersection of usability, security, and privacy. It also involved a number of federal government representatives interested in usability, security, and privacy research. A detailed agenda can be found in Appendix A, and a list of workshop participants can be found in Appendix B.
The workshop featured two overview presentations, the first addressing computer security and the second addressing usability (summarized in Chapter 2). It also included six presentations intended to provide an overview of current and prospective research topics (summarized in Chapter 3). Following these talks, workshop participants split into smaller groups that discussed research needs and opportunities, addressing the topics listed in Appendix A. They were provided in advance with a set of potential research questions developed by the steering committee. The committee’s summary of results from the breakout sessions is presented in Chapter 4. Chapter 5 discusses overarching questions in advancing research in usability, security, and privacy.
The committee thanks the workshop participants for their thoughtful presentations and discussion. It also acknowledges the financial support provided by the project’s sponsors, the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST), and it appreciates the encouragement and support of Mary F. Theofanos (NIST) and Karl N. Levitt and C. Suzanne Iacono (NSF).
Nicholas Economides, Chair
Steering Committee on the Usability, Security, and Privacy of Computer Systems
Acknowledgment of Reviewers
This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:
Steven M. Bellovin, Columbia University,
Bob Blakley, Gartner, Inc.,
Tadayoshi Kohno, University of Washington,
Eric Sachs, Google, Inc., and
Stuart E. Schechter, Microsoft Research.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views expressed, nor did they see the final draft of the report before its release. The review of this report was overseen by Joseph F. Traub, Columbia University. Appointed by the NRC, he was responsible for making certain that an independent examination of this report was carried out in accor-