Human Accessible Security Policies
|Speaker||Vassilis Prevelakis, Assistant Professor, Drexel University, UK.|
|Title||Human Accessible Security Policies|
|Date||Thursday 22/05/2008, 12:00|
|Address||Iasonos 10, Volos|
Dr. Vassilis Prevelakis is Assistant Professor of Computer Science at Drexel University. He has worked in various areas of security in Systems and Networks both in his current academic capacity and as a freelance consultant. Prevelakis's current research involves issues related to automation network security, secure software design, autoconfiguration issues in secure VPNs, etc. He has published numerous papers in these areas and is actively involved in standards bodies such as the IETF. He has received research funding from DARPA and from NSF. Prevelakis received his Ph.D. from the University of Geneva in Switzerland and his M.Sc. and B.Sc. from the University of Kent in the U.K.
An increasing number of computer users have to make security-related configuration decisions in their daily interaction with computers; much of the time they do not even realize that they are doing so. Setting security policies can be a daunting task even for security professionals. Indeed, how to make computer security accessible to ordinary users (much like Graphical User Interfaces made computers accessible to these ordinary users in the first place) remains an unsolved problem. The problem is exacerbated by the sheer number of applications, devices, etc. whose security policies may interact, often to the point where users are asked to disable the firewall or blindly click yes to all the prompts so that they can get their work done. At the root of the problem is this: users (of varying degrees of sophistication) may have some vague idea of what security policy they want to convey through a set of configuration statements, and proceed to write these statements; alternatively, they may choose from a pre-set repertory of configurations, but their only way of understanding the security implications would be to mentally “disassemble” the configuration. Even experts find such problems daunting (e.g. when configuring corporate firewalls), let alone ordinary users.
Our approach aims to create a framework for the implementation of security policies that are accessible (understandable) to a person (the end-user) who does not have computer security training or a computer science background. A major contribution of our framework is that it integrates security into environments where the principals lack a computer security background. The home environment is an obvious example of a case where the end-user (home owner) must determine the policies of the home network without requiring the help of a security expert.