Search For:

Displaying 1-12 out of 12 total
User-Centered Security: Stepping Up to the Grand Challenge
Found in: Computer Security Applications Conference, Annual
By Mary Ellen Zurko
Issue Date:December 2005
pp. 187-202
<p>User-centered security has been identified as a grand challenge in information security and assurance. It is on the brink of becoming an established subdomain of both security and human/computer interface (HCI) research, and an influence on the pr...
Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision
Found in: Computer Security Applications Conference, Annual
By Mary Ellen Zurko, Charlie Kaufman, Katherine Spanbauer, Chuck Bassett
Issue Date:December 2002
pp. 371
Designers are often faced with difficult tradeoffs between easing the user's burden by making security decisions for them and offering features that ensure that users can make the security decisions that are right for them and their environment. Users ofte...
A VMM Security Kernel for the VAX Architecture
Found in: Security and Privacy, IEEE Symposium on
By Paul A. Karger, Mary Ellen Zurko, Douglas W. Bonin, Andrew H. Mason, Clifford E. Kahn
Issue Date:May 1990
pp. 2
This paper describes the development of a virtual-machine monitor (VMM) security kernel for the VAX architecture. The paper particularly focuses on how the system's hardware, microcode, and soft ware are aimed at meeting Al-level security requirements whil...
Lessons from VAX/SVS for High-Assurance VM Systems
Found in: IEEE Security & Privacy
By Steve Lipner,Trent Jaeger,Mary Ellen Zurko
Issue Date:November 2012
pp. 26-35
The authors take a look back at VAX/SVS, a high-assurance virtual machine monitor (VMM) project from the 1980s, extracting its most pertinent lessons, including reference monitor architectural principles, approaches to verifiable and tamperproof access con...
A User-Centered, Modular Authorization Service Built on an RBAC Foundation
Found in: Security and Privacy, IEEE Symposium on
By Mary Ellen Zurko, Rich Simon, Tom Sanfilippo
Issue Date:May 1999
pp. 0057
Psychological acceptability has been mentioned as a requirement for secure systems for as long as least privi-lege and fail safe defaults, but until now has been all but ignored in the actual design of secure systems. We place this principle at the center ...
Separation of Duty in Role-based Environments
Found in: Computer Security Foundations Workshop, IEEE
By Richard Simon, Mary Ellen Zurko
Issue Date:June 1997
pp. 183
Separation of Duty is a principle that has a long history in computer security research. Many computing systems provide rudimentary support for this principle, but often the support is inconsistent with the way the principle is applied in non-computing env...
In Memoriam: Paul Karger
Found in: IEEE Security and Privacy
By Roger Schell, Steve Lipner, Mary Ellen Zurko, Elaine R. Palmer, David Safford, Charles C. Palmer, Carl E. Landwehr
Issue Date:November 2010
pp. 5
Paul Karger, a great friend to all and a thought leader in security, passed away in September 2010.
Someone to watch over me
Found in: Proceedings of the 2012 workshop on New security paradigms (NSPW '12)
By Heather Richter Lipford, Mary Ellen Zurko
Issue Date:September 2012
pp. 67-76
Traditional security mechanisms are part of a larger socio-technical system involving the people and organizations that use them. Yet, those security mechanisms rarely take this social context and social processes into account. In this paper we propose to ...
Technology transfer of successful usable security research into product
Found in: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09)
By Mary Ellen Zurko
Issue Date:July 2009
pp. 1-32
Existing technologies for file sharing differ widely in the granularity of control they give users over who can access their data; achieving finer-grained control generally requires more user effort. We want to understand what level of control users need o...
Usability meets access control: challenges and research opportunities
Found in: Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09)
By Jorge Lobo, Konstantin Beznosov, Mary Ellen Zurko, Philip Inglesant, Rob Reeder
Issue Date:June 2009
pp. 1-22
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from "Why nobody, even experts, uses access control lists (ACLs)?" to "Shall access controls (and corresponding ...
Tracking influence through citation index comparisons and preliminary case studies panel position statement
Found in: Proceedings of the 2001 workshop on New security paradigms (NSPW '01)
By Mary Ellen Zurko
Issue Date:September 2001
pp. 115-117
We consider the influence of the New Security Paradigms Workshop by looking at the web citations to its papers in CiteSeer, and comparing those to another computer security workshop and a conference. We then go on to ask selected NSPW authors and NSPW 2001...
User-centered security
Found in: Proceedings of the 1996 workshop on New security paradigms (NSPW '96)
By Mary Ellen Zurko, Richard T. Simon
Issue Date:September 1996
pp. 27-33
Virtual Environments (VEs) have the potential to revolutionize traditional product design by enabling the transition from conventional CAD to fully digital product development The presented prototype system targets closing the **digital gap” as intro...