Security-Centered Design
Chris Shiflett
shiflett.org
1

Talk Outline
‣ Cognitive Psychology
Ambient Signifiers
Change Blindness
‣ Phishing
‣ Examples
SmugMug
Bank Insecurity
2

For Your Consideration
‣ Good is the absence of bad, so bad examples
are more useful than good.
‣ Security must be part of the design; design
means more than just technical design.
‣ Human behavior should always be considered.
‣ Reality is more important than theory.
‣ Perception is almost as important as reality.
3

4

Ambient Signifiers
5

6

Secure or Not?
7

Change Blindness
8

9

10

11

Derren Brown Video
12

13

14

15

Phishing
16

http://login.yahoo.com/
17

Obfuscating Links in Email
<a href=\"http://evil/\">http://good/</a>
18

facebook.com
19

dopplr.com
20

SmugMug
21

22

23

24

25

Bank Insecurity
26

27

‣ Roughly half the sites requested login
information on an insecure page.
‣ Over a quarter of the sites had poor policies on
the username/password combination.
‣ Many sites provided insecure access to critical
information, sometimes via email.
‣ Some financial activities required that the user
be sent to a site run by a different company,
meaning they were no longer interacting with
the original domain.
28

\"Design flaws differ from typical software bugs that
can be fixed by applying patches. Design flaws are a
result of decisions made during the website design
phase, such as how to implement security features.
These design decisions promote insecure user
behavior.\"
http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf
29

Related Posts
Security and User Experience
http://shiflett.org/blog/2008/jan/security-and-user-experience
Ambient Signifiers
http://shiflett.org/blog/2007/feb/ambient-signifiers
30

31

Thanks for Listening
‣ http://shiflett.org/
‣ http://omniti.com/
Slides
http://shiflett.org/security-centered-design.pdf
32