11.07.2015 Views

syssec_red_book


10. Usable Security

Internet, for example. Therefore, very complicated methods of securing a device are bound to be rejected by the masses.

• Transparency: Even security-aware users can not always deduce how a system works and where the possibilities for attacks arise. A good example here is a registered e-mail address that is used somewhere else without notification to identify a user. There are threats for some users that cannot be anticipated without a deeper knowledge of the underlying system.

• Restrictiveness: Most security solutions impose restrictions on their users. Passwords must be entered and memorized, device locks must be removed before using a device, firewalls prohibit unconfined network usage, etc. Users who see their devices as tools to do a job, which simply have to work properly, will gladly sacrifice security for convenience if given the choice. Therefore, the choice of which options to give the end-user for circumventing or re-defining security-critical aspects has to be a well-considered one.

To put it briefly, there are several reasons why a user may choose not to use the security mechanisms provided, preferring to go with a more convenient, unsecured solution instead. It is the researcher’s responsibility to keep the target system safe anyway.

10.2 Who Is Going to Be Affected?

While the scope of the problem is hard to define precisely, the potential victims of this threat are more easily identified. This type of threat specifically influences the everyday user of devices connected to the Internet. They simply cannot cope with the speed with which new technologies hit the market. Even experts such as network administrators, programmers and technically versatile individuals have a difficult time keeping up with new developments, let alone the possible threats they entail. Unfortunately, the ordinary end-user makes up the vast majority of customers dealing with (personal) computers. Therefore, the target community is one of the largest imaginable; it essentially comprises the whole Internet.

10.3 What Is Expected to Happen?

The effects of the previously discussed development are already visible. More and more users fail to take precautions because they negatively impact their workflow. As a result, these systems are prone to various attacks, ranging from stolen passwords and account data to infected machines that do their operator’s bidding. If this trend continues, it will be virtually impossible to
