Organizer: CASED, CROSSING and EC SPRIDE
Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or migrate entirely to less secure but more usable systems. Problems with usability are a major contributor to many recent high-profile security failures.
The research domain of usable security and privacy addresses these issues. However, the main focus of researchers in this field has been on the “non-expert” end-user. After placing this issue in the context of current research, the presenter will argue that the frontiers of usable security research need to be pushed forward and greater attention needs to be paid to the human aspects of system security and the administrators and developers involved in it. Fundamentally, software vulnerabilities and misconfigured systems are caused by developers or administrators making mistakes. Heartbleed and Shellshock were human errors made by single developers, yet they had global consequences for millions of users. This talk will present usable security research in the areas of the X.509 public key infrastructure and TLS, mobile computing, malware analysis and code audits.
Matthew Smith is a Professor for Usable Security and Privacy at the Rheinische Friedrich-Wilhelms-Universität Bonn, Germany. He completed his studies of Computer Science & Electrical Engineering at the University of Siegen, Germany, with distinction. Subsequently he was a full-time researcher at the Philipps Universität Marburg, Germany, where he completed his PhD in 2008, also with distinction. In 2009, he was awarded the PhD Prize for outstanding innovation by the Gesellschaft zur Förderung des Forschungstransfers (GFFT e.V.). His research is focused on human factors of security and privacy mechanisms with a wide range of application areas, including SSL and network security, authentication, mobile and app security and, most recently, usable security for developers and administrators. His work has been published at, amongst others, IEEE Security and Privacy, ACM CCS, USENIX Security, NDSS, ACM SIGCHI and USENIX SOUPS, the Symposium on Usable Security and Privacy. Matthew Smith is also actively involved in the organisation of top academic conferences and is serving on the steering committees of NDSS, SOUPS and USEC as well as serving as program co-chair for SOUPS 2016 and 2017. In 2015 his ERC Starting Grant “Frontiers of Usable Security” was selected for funding.