This paper discusses whether usable security is unattainable for some security tasks due to intrinsic bounds of human cognitive capacities. Will Johnny ever be able to encrypt? Psychology and neuroscience literature shows that there are upper bounds on the human capacity for executing cognitive tasks and for information processing. We argue that the usable security discipline should scientifically understand human capacities for security tasks, i.e., what we can realistically expect from people. We propose a framework for evaluation of human capacities in security that assigns socio-technical systems to complexity classes according to their security and usability. The upper bound of human capacity is considered the point at which people sta...
Traditionally, security is only considered as strong as its weakest link, and people were considered...
Research shows that commonly accepted security requirements are not generally applied in practice. I...
The design of leakage-resilient password systems (LRPSes) in the absence of trusted devices remains ...
Peer reviewed. This paper discusses whether usable security is unattainable for some security tasks du...
Psychology and neuroscience literature shows the existence of upper bounds on the human capacity for...
Abstract. Computer security has traditionally been assessed from a technical point of view. Another ...
Most current information systems security theories assume a rational actor making deliberate decisio...
In security science, efficient operation depends typically on the interaction between technology, hu...
Most security research focuses on the technical aspects of systems. We consider security from a user...
In this opinion paper, we first review the evolution of information security research, and summarize...
Inadvertent and irrational human errors (e.g., clicking on phishing emails) have been the primary ca...
165 pages. This thesis consists of two parts, representing two separate strands of research. The first ...
This paper is a preliminary exploration of secure distributed human computation. We consider the gen...
Security experts frequently refer to people as “the weakest link in the chain” of system security. ...
Exploiting human behavior to gain unauthorized access to computer systems has become common practice...