Security system designers have long valued transparency as a feature of their technologies, on the assumption that transparent approaches can more easily be integrated with existing practices. However, we believe that transparent security mechanisms are, effectively, an extension of the discredited "security through obscurity" principle to the user interface; by obscuring the means through which security is achieved, they make it impossible for users to assess the security implications of their own actions. We believe that the complexity of using, monitoring and comprehending security technologies and their relationship to applications and tasks is a critical problem for improving effective security. Before computing can be trusted, it must be trustable. A trustable infrastructure is one that makes its actions observable and verifiable.
Our motivating observation is that the effectiveness of current security mechanisms, as encountered by end users in the software systems that they use on a daily basis, is compromised by fragmentation and lack of visibility. When users cannot understand these mechanisms, they cannot make effective decisions about how and when to use them.
Our hypothesis is that a technical infrastructure which makes visible the configuration, activity, and implications of available security mechanisms will enable end users to make informed choices about their behavior; and that these informed choices, in turn, will yield more effective, more secure system use. Visit our Research page to see our progress to date.
Our current testbed for experimentation is an application called Impromptu. Impromptu is a collaborative peer-to-peer file sharing application for small group synchronous and collocated interaction.
We have developed a number of visualization extensions to the Impromptu framework. These new visualizations focus primarily on history and temporal consistency.
Seeing Further: Extending Visualization as a Basis for Usable Security, a paper that gives the results from a user study of the Impromptu application and a full description of the newest visualization extensions to the application, has been published in the proceedings of the 2006 Symposium On Usable Privacy and Security (SOUPS 2006).
Check out the latest Swirl Project Flyer.