Mismorphism: A Semiotic Model of Computer Security Circumvention (poster abstract)
Title | Mismorphism: A Semiotic Model of Computer Security Circumvention (poster abstract) |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Sean Smith, Dartmouth College, Ross Koppel, University of Pennsylvania, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College |
Conference Name | Symposium and Bootcamp on the Science of Security (HotSoS) |
Publisher | ACM |
Conference Location | Urbana, IL |
Keywords | Human and Societal Aspects of Security and Privacy, Science of Human Circumvention of Security, science of security, UIUC |
Abstract | In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and im- prove the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circum- vention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems. This poster reports on our work compiling a large corpus of such incidents and developing a model based on semi- otic triads to examine security circumvention. This model suggests that mismorphisms--mappings that fail to preserve structure--lie at the heart of circumvention scenarios; dif- ferential perceptions and needs explain users' actions. We support this claim with empirical data from the corpus. |
URL | http://publish.illinois.edu/science-of-security-lablet/files/2014/05/Mismorphism-a-Semiotic-Model-of... |
Citation Key | node-23338 |
Attachment | Size |
---|---|
bytes |