UCL  IRIS
Institutional Research Information Service
Publication Detail
Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security
  • Publication Type:
    Conference
  • Authors:
    Benenson Z, Lenzini G, Oliveira D, Parkin S, Uebelacker S
  • Publisher:
    ACM
  • Publication date:
    2015
  • Pagination:
    85–99
  • Published proceedings:
    Proceedings of the 2015 New Security Paradigms Workshop
  • Series:
    NSPW ’15
  • ISBN-13:
    978-1-4503-3754-0
  • Addresses:
    New York, NY, USA
  • Notes:
    shorttitle: Maybe Poor Johnny Really Cannot Encrypt; urldate: 2016-01-05; keywords: human capacities, Usable security models
Abstract
Psychology and neuroscience literature shows the existence of upper bounds on the human capacity for executing cognitive tasks and for information processing. These bounds are where, demonstrably, people start experiencing cognitive strain and consequently committing errors in task execution. We argue that the usable security discipline should scientifically understand such bounds in order to have realistic expectations about what people can or cannot attain when coping with security tasks. This may shed light on whether Johnny will ever be able to encrypt. We propose a conceptual framework for evaluation of human capacities in security that also assigns systems to complexity categories according to their security and usability. From what we have initiated in this paper, we ultimately aim at providing designers of security mechanisms and policies with the ability to say: "This feature of the security mechanism X or this security policy element Y is inappropriate, because this evidence shows that it is beyond the capacity of its target community".
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk