Mismorphism: A Semiotic Model of Computer Security Circumvention

Title: Mismorphism: A Semiotic Model of Computer Security Circumvention
Publication Type: Report
Year of Publication: 2015
Authors: Sean Smith (Dartmouth College), Ross Koppel (University of Pennsylvania), Jim Blythe (University of Southern California), Vijay Kothari (Dartmouth College)
Institution: Dartmouth College
Report Number: TR2015-768
Keywords: Human and Societal Aspects of Security and Privacy, Science of Human Circumvention of Security, science of security, UIUC
Abstract

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems.

This paper reports on our work compiling a large corpus of such incidents and developing a model based on semiotic triads to examine security circumvention. This model suggests that mismorphisms--mappings that fail to preserve structure--lie at the heart of circumvention scenarios; differential perceptions and needs explain users' actions. We support this claim with empirical data from the corpus.

URL: http://publish.illinois.edu/science-of-security-lablet/files/2014/05/Mismorphism-a-Semiotic-Model-of...
Citation Key: node-23302
