DOI: 10.1145/3357236.3395451
research-article
Open access

Security Fictions: Bridging Speculative Design and Computer Security

Published: 03 July 2020

Abstract

This paper begins with an observation: that threat identification is an intrinsically speculative practice. It requires imagining possible futures. Drawing on methods from speculative design, this paper presents an improvisational role-playing game designed to help software developers identify security threats. It deploys this game with seven software developers, who used the game to successfully identify diverse threats in their software. The insights from this deployment motivate future work on both the game itself and on organizational accounts of security. I call on the design research community to continue to apply its methods and perspectives to computer security, locating threat identification itself, like all speculation, as a site of social and political power.

Information

Published In

DIS '20: Proceedings of the 2020 ACM Designing Interactive Systems Conference
July 2020
2264 pages
ISBN:9781450369749
DOI:10.1145/3357236
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 July 2020

Author Tags

  1. design research
  2. security
  3. speculative design

Qualifiers

  • Research-article

Funding Sources

  • William and Flora Hewlett Foundation

Conference

DIS '20
DIS '20: Designing Interactive Systems Conference 2020
July 6 - 10, 2020
Eindhoven, Netherlands

Acceptance Rates

Overall Acceptance Rate 1,158 of 4,684 submissions, 25%

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 261
  • Downloads (Last 6 weeks): 46
Reflects downloads up to 21 Jan 2025
