CSAIL Research Abstracts - 2005

Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable

Simson L. Garfinkel

It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications.

This thesis presents specific design patterns that can be used to align security and usability.

Patterns to address the release of confidential information through remnant data on hard drives, in web browsers, and in documents are supported through a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and a detailed examination of modern web browsers and reports of sanitization failures.

Patterns for enabling secure messaging through the adoption of new key management techniques are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals.

Patterns for promoting secure operation by reducing the danger of covert monitoring are supported by a literature review and an analysis of current systems.

In every case considered, it is shown that the design and implementation that are responsible for the antagonism of security and usability can be readily corrected---and that this can be done without detracting from overall system security or usability.

It is very likely that additional patterns can be identified in other related areas. These patterns can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed.


Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu
(Note: On July 1, 2003, the AI Lab and LCS merged to form CSAIL.)