1 / 10

Security as Experience & Practice Supporting Everyday Security

Security as Experience & Practice Supporting Everyday Security. Paul Dourish Donald Bren School of Information and Computer Sciences & California Institute for Telecommunications and Information Technology UC Irvine jpd@ics.uci.edu. privacy and security.

Download Presentation

Security as Experience & Practice Supporting Everyday Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security as Experience & PracticeSupporting Everyday Security Paul DourishDonald Bren School of Information and Computer Sciences&California Institute for Telecommunications and Information TechnologyUC Irvinejpd@ics.uci.edu

  2. privacy and security • alternative formulation of security “problem” • one that people routinely encounter and solve • the question is, how? • usual approach: • use security ideas to tackle privacy problems • P3P, ACLs, • alternative approach: • use privacy ideas to tackle security problems • focus on ongoing management and situated practice

  3. altman’s model • borrowed a model from irwin altman • altman’s primary concern is f2f interaction • management of interpersonal space, etc • three key ideas • a dialectic… • … and dynamic process of … • … boundary regulation

  4. privacy as a process • privacy is not rule-governed • an optimization • continuum of degrees of openness and closedness • managing against conflicting goals • personal, interpersonal, organizational, institutional • systemic • many regulatory behavioral mechanisms • operate as a system • a collective response to circumstances and needs

  5. managing boundaries • the destablizing effect of technology • disrupting the regulation of boundaries • by setting up new boundaries or replacing existing ones • by transforming the ways in which actions are mediated • etc… • a look at three of these boundaries • disclosure • identity • temporality

  6. empirical investigation • studies of everyday security practices • security as a barrier • homogeneous treatment of “threats” • spammers, hackers, stalkers and marketers • delegating security • to technology • to individuals • to organizations • to institutions • security as a problem

  7. our approach • moving away from normative models • inherently contingent • moving away from abstract descriptions • resolved in-the-moment • practical action and decision-making • always part and parcel of the same setting • social, organizational, cultural, temporal context

  8. technical approach • supporting informed decision-making • providing a context for security actions • seeing the consequences of your actions • a twin approach • visualization • continual visual monitoring • exploit ability to perceive structure and regularities • event-based architectures • integrate information from many sources • balance individual and holistic accounts • event inference and analysis

  9. scenario architecture View View View Application being monitored Application events routed Vavoom loader YANCEES publishes JVM events Sequence detection siena router elvin JVM

  10. summary • security as an everyday phenomenon • grounding • empirical • investigations of real-world security practices • analytic • development of Altman’s model • technological implications • non-normative stance • integrating decision-making and action

More Related