INI Seminar: Lorrie Faith Cranor

Time: October 8, 2010 - 2:30 PM - 3:50 PM

Location: DEC@Henry

Description:

The INI welcomes Lorrie Faith Cranor, an Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). Her talk is titled "A Framework for Reasoning About the Human in the Loop."

The INI Seminar takes place every Friday, 2:30 - 3:50 p.m. This week's seminar takes place at the Distributed Education Classroom at the INI Building, Henry Street (DEC@Henry).

Talk Abstract: Many secure systems rely on a "human in the loop" to perform security-critical functions. However, humans often fail in their security roles. Whenever possible, secure system designers should find ways of keeping humans out of the loop. However, there are some tasks for which feasible or cost effective alternatives to humans are not available. In these cases secure system designers should engineer their systems to support the humans in the loop and maximize their chances of performing their security critical functions successfully. I will introduce some high-level approaches to usable security and discuss a proposed framework for reasoning about the human in the loop that provides a systematic approach to identifying potential causes for human failure. This framework can be used by system designers to identify problem areas before a system is built and proactively address deficiencies. System operators can also use this framework to analyze the root cause of security failures that have been attributed to "human error."
Speaker Bio: Lorrie is also Chief Scientist of Wombat Security Technologies, Inc. and has authored over 80 research papers on online privacy, phishing and semantic attacks, spam, electronic voting, anonymous publishing, usable access control, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS).