Posted: Sun Mar 05, 2006 11:22 am
Post subject: Book Review - Security and Usability
Security and Usability
Author(s): Multiple - Edited by Lorrie Faith Cranor and Simson Garfinkel
Publisher: O'Reilly http://www.orielly.com
Date Published: 2005
Book Specifications: Softcover, 714 pages
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate
Suggested Publisher Price: $44.95 US / $62.95
Amazon.com (US): Security and Usability
Amazon.co.uk (UK): Security and Usability
Blurb from back cover:
Computer users have been taught for years that computer security systems can't be effective unless they are complex and difficult to use. In reality, this conventional wisdom is completely wrong. Tomorrow's computers won't be secure unless researchers, designers, and programmers can invent new ways to make security systems easier to use – so easy, in fact, that they seem to melt away entirely.
Security and Usability provides a window into the future of computer security. The first book describing this emerging and critically important field, it collects 34 groundbreaking essays from leading security, usability and human-computer interaction (HCI) researchers around the world.
This book, as it notes above, takes 34 essays and compiles them into quite an entertaining and interesting read. This makes the book a little hard to review, as each essay is in a distinctly different style to the last and it's hard to make any sweeping book-wide statements. However, this is a significant strength of the book too, as it gives you a nice varied approach to the subject of security and usability. I've always believed that the best security mechanisms are the transparent and easy-to-use technologies, which this book reinforces with practical and guided examples and arguments.
Chapter Synopsis & Review Comments
Although the book has 34 distinct essays, these are broken down into the following sections:
One, Realigning Usability and Security
This section looks at the basic case for the book's content: why it's important, why usability is important and NOT counter to security, and, importantly, gives solid examples of how usability and security can work together. These essays should be enough to convince you of all of the above, but it gets more firmly presented as you read on.
Two, Authentication Mechanisms
Authentication mechanisms are extremely important in most security systems and are a core component of any network or software design. These essays argue points for choosing good solid authentication systems.
Three, Secure Systems
Secure systems? Not a great title for this section, which is a more in-depth look at topics discussed in the first essays, with a focus on some examples of real-world security solutions.
Four, Privacy and Anonymity Systems
"Five Pitfalls in the Design for Privacy" is the jewel of this section and gives some excellent advice to follow in system design. The entire section contains quite well-argued points on how to make privacy and ease of use work together.
Five, Commercializing Usability – The Vendor Perspective
Show me the money! Commercial ventures capitalizing on combining ease of use and security are explored here in perfect detail.
Six, The Classics
No doubt these are the classics: this section consists of the essays that the editors believe everyone with any interest in the field should read. They are not wrong; there are some powerful arguments here.
Style and Detail
In every chapter the detail is amazing, with well thought out arguments as to why each point is important. You get an insightful look at many areas you wouldn't really touch on, but it's surprising how another area of security and usability design can relate to your own work. For example, there are a lot of essays covering the topic from a developer's perspective in the specifics, but in the generalizations there are things to learn for someone working on infrastructure and network design, and vice versa. The style varies from chapter to chapter, which keeps you reading as you move from a style you don't like to one you do. Arguments being presented slightly differently also means you get more than one author's view of the topic, which is essential for a topic that is not an exact science but an area of great debate – even amongst guys that generally agree!
Whilst some of this is heavy reading, it is very logically argued and well structured enough to keep you focused on the topic enough to take in the points. Although this book is slightly beyond my usual realm of reading, which is mostly technical manuals, it had more than enough technical content to keep me taking notes. The number of essays contained in the book is just enough to make it a fairly largish book, but not too many to make it feel like a mere collection of everything on the subject. It does appear to be cherry-picked, and the credentials of the authors generally speak for themselves when it comes to expert opinion on the matter. Developers would gain a lot from this book, as would administrators, security analysts and anyone who has ever tried to argue a point about a particular security technology.
This book receives an honoured SFDC Rating of 9/10.
Keywords: security usability human computer interaction hci
This review is copyright 2005 by Barrie Dempster and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of Barrie Dempster, or Security-Forums Dot Com.