DOI: 10.1145/1065907.1066043
Article

Omnivore: risk management through bidirectional transparency

Published: 20 September 2004

Abstract

Internet users face a variety of risks as they conduct their business on-line, but they are often ill-equipped to recognize the risks and deal with them effectively. As a result, many users take the approach of limiting their on-line activities so as to reduce their exposure. This paper describes a risk management approach to building confidence and trust for Internet users. The underlying philosophy is not to make the Internet inherently safer, but to help users build an awareness of the risks they might encounter and to supply them with timely guidance. We also report on experience with a prototype system built to evaluate some of these ideas.

Published In

NSPW '04: Proceedings of the 2004 workshop on New security paradigms
September 2004
124 pages
ISBN:1595930760
DOI:10.1145/1065907
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. WWW
  2. human factors
  3. privacy
  4. risk
  5. risk management
  6. safe staging
  7. security
  8. transparency
  9. trust
  10. usability
  11. web

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 62 of 170 submissions, 36%
