Human-Centered Computer Security: Beyond the Desktop

Tamara Denning, University of Washington

Modern technologies are increasingly capable, interconnected, and used in diverse aspects of our lives. Securing these devices is critical: attackers can leverage their properties to perform attacks with greater ease and at a larger scale, and attacks can result in novel or amplified harms to users and bystanders. It is necessary to approach securing these devices from a human-centric perspective in order to design application-specific security solutions that maximally protect the relevant human assets via defenses of appropriately calibrated costs. Human-centric investigations are often necessary to understand the nuances of a specific usage domain: the diverse human assets affected, the various costs that might be incurred by security system designs, and how humans weigh their respective values. I ground the importance of this approach and example methodologies for such investigations with studies in two domains: implantable medical devices and augmented reality. I conclude my talk with a call for the development of more toolkits to bootstrap the security process, and present one such toolkit: the Security Cards, a physical deck of brainstorming cards that I developed to help computer science students, technologists, and researchers explore the threats that might be posed to and by a technology system.

Speaker Biography

Tamara Denning is a senior PhD student at the University of Washington working with Tadayoshi Kohno in the Security and Privacy Research Lab. She received her B.S. in Computer Science from the University of California, San Diego in 2007. Tamara’s interests are in the human aspects of computer security and privacy, with a focus on emerging technologies. Past areas of work include security for implantable medical devices, the security of consumer technologies in the home, security and privacy issues surrounding augmented reality, and security toolkits for awareness and education. Tamara’s work is published in both HCI and computer security venues, and has been covered by new outlets such as CNN, MSNBC, NY Times, and Wired.