User-Centered Security: Stepping Up to the Grand Challenge

Speaker: Mary Ellen Zurko, IBM

Date: Friday, October 20, 2006

Time: 1:30 PM to 2:30 PM

Refreshments: 3:15 PM

Public: Yes

Location: Star Seminar Room (32-D463)

Host: Rob Miller, MIT CSAIL

Contact: Rob Miller, x46028

User-centered security has been identified as one of the four grand challenges in information security and assurance. In other words, the best minds in security think making it usable is both difficult and important. User-centered security is on the brink of becoming an established subdomain of both security and HCI research, and an influence on the product development lifecycle for any end user facing application, from email to Web 2.0 mashups. As practitioners and researchers in security and HCI, we still face major issues when applying even the most foundational tools used in either of these fields across both of them.

I will discuss the systemic roadblocks to effective user-centered security that I see as most important. They fall into three categories: social, technical, and pragmatic. The social challenges are the most difficult to address, because there is no obvious constituency that will address them. The other two categories, technical and pragmatic challenges, are naturally attacked by researchers and developers, although they were previously overlooked because they crossed expertise boundaries. While security and usability have historically often been at odds, both rely on the reality of deployment to prove the utility and validity of their work. Security is a challenge to traditional HCI approaches because it is never the user's main goal, and because it often depends on lower levels of technology than what is covered in the user model. There is a lot of interesting and important work for teams innovative enough to not just cross those boundaries but actually synthesize security and HCI. I'll also touch on the techniques and principles that I believe are producing (more) effective usable security today.

Bio: Mary Ellen Zurko leads security architecture and strategy for Lotus Workplace, Portal, and Collaboration Software at IBM. She defined the field of User-Centered Security in 1996. She is on the steering committee for New Security Paradigms Workshop and the International World Wide Web Conference series (she is co-chair for WWW2007 in Banff). She has worked in security since 1986, at The Open Group Research Institute and Digital Equipment Corporation, as well as IBM. She is a contributor to the O'Reilly book "Security and Usability: Designing Secure Systems that People Can Use." Her vita is at

See other events that are part of the HCI Seminar Series Fall 2006.

Created by Linda L. Julien on Wednesday, June 19, 2013 at 6:22 AM.