InfoSec Seminar: Appropriation and Principled Security

Speaker: Steve Dodier-Lazaro

Date/Time: 27-Aug-2015, 15:20 UTC

Venue: Roberts 422



Secure systems have a reputation of being unusable and demanding on users, a belief attributed to a lack of usability research and human factors expertise among security experts. We argue that the issue of unusable security might have deeper roots. Indeed, the design principles security relies on are out of touch with the reality of nowadays’ computing practices. In particular, the security principles of least privilege and fail-safe defaults strip human users of their ability to reconfigure systems and leave them stranded when facing interaction breakdowns. Security principles therefore prevent the re-appropriation of systems they mediate both in unexpected practices and by unexpected users. We propose several leads to lessen the negative impact of those principles on secure systems.

Based on work to be presented at the ECSCW Workshop on Experiences of Technology Appropriation 2015


Steve is a PhD student at University College London. He works across the boundaries of computer security and human-computer interaction, with inspiration from design practice and ethnomethodology.  He belongs to the UCL Centre for Research on Evolution, Search and Testing and the Information Security groups. His PhD research explores theories, research methods and tools for the design of usable and appropriable security systems, with a particular focus on application confinement. He is supervised by Jens Krinke and Angela Sasse.

Add to Calendar

This page was last modified on 27 Mar 2014.