Visible to the public Mismorphism: A Semiotic Model of Computer Security Circumvention (poster abstract)Conflict Detection Enabled

TitleMismorphism: A Semiotic Model of Computer Security Circumvention (poster abstract)
Publication TypeConference Paper
Year of Publication2015
AuthorsSean Smith, Dartmouth College, Ross Koppel, University of Pennsylvania, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College
Conference NameSymposium and Bootcamp on the Science of Security (HotSoS)
PublisherACM
Conference LocationUrbana, IL
KeywordsHuman and Societal Aspects of Security and Privacy, Science of Human Circumvention of Security, science of security, UIUC
Abstract

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and im- prove the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circum- vention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems.

This poster reports on our work compiling a large corpus of such incidents and developing a model based on semi- otic triads to examine security circumvention. This model suggests that mismorphisms--mappings that fail to preserve structure--lie at the heart of circumvention scenarios; dif- ferential perceptions and needs explain users' actions. We support this claim with empirical data from the corpus.

URLhttp://publish.illinois.edu/science-of-security-lablet/files/2014/05/Mismorphism-a-Semiotic-Model-of...
Citation Keynode-23338

Other available formats:

Mismorphism: a Semiotic Model of Computer Security Circumvention Poster Abstract
AttachmentSize
bytes