Frontiers of Usable Security and Privacy

In this project the primary objective is to extend the frontiers of Usable Security research and develop principles, methods and tools with which to investigate the actions, perceptions and needs of administrators and developers in order to help them create secure and usable systems. The methods researched in this project will lay the foundation for this extension of the USEC research domain. USEC research has already greatly improved our understanding of end-user problems and how to create better systems for them. Achieving this for administrators and developers will be of great benefit for the entire IT ecosystem, since human errors of developers and administrators have such wide-ranging and dire consequences. It is vital that we have research methods to understand and support those responsible for creating and configuring the systems we all rely on. Secondary objectives of this project are improvements to the development and configuration processes of five important application areas as proof of concept demonstrations of the value of my approach. The application domains are: administrator and developer USEC research into risk-perception and mental-models; security warnings; secure messaging; authentications, public key infrastructures and intrusion detection systems.

  • Green, Matthew ; Smith, Matthew: Developers Are Users Too: Designing Crypto and Security APIs That Busy Engineers and Sysadmins Can Use Securely.. In: . Washington, D.C. : USENIX Association, 2015