Topic presentation 1: “Definition for Usable security”

This topic looks into how recent authors have defined usable security. The definition can be implicit or explicit – some papers discuss directly how to define usable security, while others use a working definition against which they evaluate a specific case, product or service, yet do not elaborate on the actual definition. Both types of papers can be sought out and used to see how usable security is currently defined.

The original definition for usable security was given by Whitten and Tygar in their paper Why Johnny Can’t Encrypt in 1999. The idea here is to make a literature survey of more recent related work in order to compare, abandon or extend their original definition. You could start by looking into work directly building on this paper, such as Why Johnny can’t surf (safely)? Attacks and defenses for web users by A. Herzberg, Computers & Security, 2009, Elsevier, or Why Johnny still can’t encrypt by Steve Sheng, Colleen Koranda, Jeremy Hyland and Levi Broderick (Carnegie Mellon University) at SOUPS 2006, and move on to papers such as Usable Security – Why Do We Need It? How Do We Get It? by M. Angela Sasse and Ivan Flechais, in L. Faith Cranor & S. Garfinkel [Eds.]: Security and Usability: Designing secure systems that people can use, pp. 13-30, O’Reilly Books, 2005 – and then to the latest work in, for example, SOUPS 2011 or USEC’12 papers.

Other places to look for such work include (all to be found at the ACM Digital Library, accessible from the campus network): Proceedings of ACM CHI, Symposium on Usable Privacy and Security (SOUPS), ACM CSCW, New Security Paradigms Workshop (NSPW), ACM GROUP, USEC’07, UPSEC’08 and USEC’12, as well as sources from IEEE Xplore such as the IEEE Security & Privacy conference & magazine, Elsevier Computers & Security magazine, or any journal in HCI that might have an article on usable security.