Saturday November 13
8:00 - 9:00a Registration
9:00 - 10:30a Panel: Mobile devices in system administration
Paul Anderson (University of Edinburgh), Patrick Bohrer (IBM Research), Ken Chizinsky (Cisco), Michael Doty (Taos), George Herbert (Taos)
10:30 - 11:00a Break
11:00 - 12:30p Research Paper Presentations: Session 3
--Johnny Can Drag and Drop: Determining User Intent Through Traditional Interactions to Improve Desktop Security
  • Patrick F. Wilbur (Clarkson University), Todd Deshane (Clarkson University)
  • In this paper, we identify the primary difficulties encountered when security systems include users in the decision-making process. We propose security system inquiry mechanisms, designed around file open dialogs and drag-and-drop interfaces, to increase the accuracy of information obtained from users while also maintaining a high level of user inclusiveness in security decisions. We note that, although it has been previously shown that many users are inherently bad at making final security decisions, useful information regarding user intent can be accurately obtained by using our inquiry mechanisms. In particular, inquiry mechanisms that parallel the actions within applications the user actually intends to perform prompt the user in ways that are understandable and likely to receive accurate responses. We discuss how our system eliminates the traditional problems faced in security systems due to false positives and false negatives.
--A Collaborative Ontology Development Tool for Information Security Managers
  • John C. Mace (School of Computing Science, Newcastle University, UK), Simon E. Parkin (School of Computing Science, Newcastle University, UK), Aad van Moorsel (School of Computing Science & Centre for Cybercrime and Computer Security, Newcastle University, UK)
  • This paper explores the need for a collaborative development tool to allow information security experts to capture their interrelated knowledge in an ontology. Such a tool would enable organisations to make more informed security policy decisions around shared security issues. However, population of ontologies can be time-consuming and error-prone, and current collaborative ontology editing tools require a familiarity with ontology concepts. We present a Web-oriented tool which simplifies ontology population for information security experts, allowing them to develop ontology content without the need to understand ontology concepts. To understand how organisations manage information security knowledge within policies, we consulted two information security managers in large organisations. The Web-Protégé collaborative ontology editor was then modified to create a tool with an appropriate knowledge ontology structure that meets their requirements. The same information security managers then evaluated the tool, judging it to be accessible and potentially useful in policy decision-making.
--Towards a Task Oriented Model for Accessing Network Based Services (short paper)
  • Nils Pedersen (Cisco Systems, Inc.), Paul Clark (Cisco Systems, Inc.), Martine Freiberger (Nandana Studios)
  • Today’s networked users are required to configure a number of different network settings on their computer in order to access specific network based services. For example, these users need to know whether to enable a Virtual Private Network (VPN) tunnel and, in some cases, also select the appropriate wireless network. As more sophisticated security models are incorporated into networks, the user’s task in managing these settings will become more complex. This paper describes a design which simplifies the task of accessing network based services using a more user oriented, less technology centric task flow.
--Transparent Collaboration: Letting Users Simulate Another User’s World (short paper)
  • Min Wu (Oracle), C. Travis Bowles (UXellence)
  • While trying to learn how to use current collaboration systems, users face many challenges, including difficulty trying out new features, and experimenting without their actions affecting other users. This paper proposes an innovative approach to solve these problems by simulating the collaboration system. In this simulated environment, a user can: confirm the effect of certain actions on other people before performing the actions; check what information can be accessed by other users; interact as another user to see if the user can perform tasks as expected. By simulating the collaboration with more than one user simultaneously, a user can test synchronous communication features using a single account. Integrating this solution into the current collaboration environment will improve usability of collaboration software, and reduce users’ reliance on administrators to support their collaboration interactions.
12:30 - 1:00p Closing