ABSTRACT

Effective security depends on good user interfaces. A door may have the strongest lock in the world, but if authorized users can't open and close it easily, and have to leave the door open in order to get their jobs done, then it has no security at all. This talk will discuss our work on developing computer security technology that is not only secure against attack but also usable by people. Our work focuses on email and web security, specifically the security errors that users make in using web sites and email: (1) falling for phishing attacks, (2) using email insecurely, and (3) sending email to the wrong recipients. I present user studies showing the magnitude of the problems (which for phishing, at least, is enormous), and user interface designs we have developed that make steps toward solving the problems.

Joint work with Min Wu, Simson Garfinkel, and Eric Lieberman.

BIOGRAPHY

Rob Miller is an associate professor in the MIT EECS department and a member of the Computer Science and Artificial Intelligence Laboratory. He earned his Ph.D. in Computer Science from Carnegie Mellon University (2002), and B.S. and M.Eng. degrees in EECS from MIT (1995). His research interests span human-computer interaction, user interfaces, software engineering, and artificial intelligence. His current research focus lies at the intersection of security and user interfaces, with the goal of discovering how to build computer systems that are both safer and easier to use.