Paper Info
Title
Position: the user is the enemy
Abstract
The Human Factor has long been recognized as the weakest link in computer systems security, yet, nothing technically significant has been done to address this problem in an attack agnostic manner. In this paper, we introduce the mantra of "The User is the Enemy" for security designers and developers alike as an underlying current towards addressing the weak human factor. We present different notions of the user and the system and argue from parallel tracks that user actions, both ignorant and non-compliant, are detrimental to the organization. We further show how the paradigm has been applied in a rather unconscious manner and contend that security mechanisms borne out of a conscious application will be more effective towards addressing this systemic problem. Our position is not meant to be a cynical attitude towards users; rather, it is meant to be the focal point of security design attitude, similar to the mantra "All user input is evil" for addressing buffer overflow attacks.
Year
DOI
Venue
2007
10.1145/1600176.1600189
new security paradigms workshop
Keywords
Field
DocType
attack agnostic manner,user centered security,security designer,user action,user input,security mechanism,computer systems security,non-compliant users,unconscious manner,security design attitude,systemic problem,cynical attitude,buffer overflow,human factors,system security
Unconscious mind,Internet privacy,Focal point,Nothing,Computer security,Computer science,Systemic problem,Mantra,Adversary,Computer security model,Buffer overflow
Conference
Citations 
PageRank 
References 
6
0.45
8
Authors
3
Name
Order
Citations
PageRank
Vidyaraman Sankaranarayanan1514.94
M. Chandrasekaran2182.77
S. Upadhyaya3817.01