Security as Experience & Practice
Supporting Everyday Security
Paul Dourish
Donald Bren School of Information and Computer Sciences & California Institute for Telecommunications and Information Technology, UC Irvine
jpd@ics.uci.edu
privacy and security
• alternative formulation of security “problem”
• one that people routinely encounter and solve
• the question is, how?
• usual approach:
• use security ideas to tackle privacy problems
• P3P, ACLs,
• alternative approach:
• use privacy ideas to tackle security problems
• focus on ongoing management and situated practice

altman’s model
• borrowed a model from irwin altman
• altman’s primary concern is f2f interaction
• management of interpersonal space, etc
• three key ideas
• a dialectic…
• … and dynamic process of …
• … boundary regulation

privacy as a process
• privacy is not rule-governed
• an optimization
• continuum of degrees of openness and closedness
• managing against conflicting goals
• personal, interpersonal, organizational, institutional
• systemic
• many regulatory behavioral mechanisms
• operate as a system
• a collective response to circumstances and needs

managing boundaries
• the destabilizing effect of technology
• disrupting the regulation of boundaries
• by setting up new boundaries or replacing existing ones
• by transforming the ways in which actions are mediated
• etc…
• a look at three of these boundaries
• disclosure
• identity
• temporality

empirical investigation
• studies of everyday security practices
• security as a barrier
• homogeneous treatment of “threats”
• spammers, hackers, stalkers and marketers
• delegating security
• to technology
• to individuals
• to organizations
• to institutions
• security as a problem

our approach
• moving away from normative models
• inherently contingent
• moving away from abstract descriptions
• resolved in-the-moment
• practical action and decision-making
• always part and parcel of the same setting
• social, organizational, cultural, temporal context

technical approach
• supporting informed decision-making
• providing a context for security actions
• seeing the consequences of your actions
• a twin approach
• visualization
• continual visual monitoring
• exploit ability to perceive structure and regularities
• event-based architectures
• integrate information from many sources
• balance individual and holistic accounts
• event inference and analysis

scenario architecture
[Figure: architecture diagram. Label text as extracted: View, View, View, Application being monitored, Application events routed, Vavoom loader, YANCEES publishes JVM events, Sequence detection, siena router, elvin, JVM]

summary
• security as an everyday phenomenon
• grounding
• empirical
• investigations of real-world security practices
• analytic
• development of Altman’s model
• technological implications
• non-normative stance
• integrating decision-making and action