Training and Continuing Education at ACSAC

ACSAC offers several opportunities to help you maintain your professional certification: Technology tutorials, the ACSAC technical program, and our FISMA training track. For all of these, ACSAC provides sufficient evidence to support Continuing Professional Education (CPE) credit claims:

  • For formal ACSAC tutorials and training with pre-registration, ACSAC will provide printed certificates of completion indicating the number of hours of training.
  • For the ACSAC technical program, a copy of the final program, the attendance roster, and the registration receipt are your evidence.*

Notes will be printed for people that have registered a week or more before the conference. PDF file(s) of notes will be mailed (on request) to people who did not register a week or more before the conference.

ACSAC technology tutorials and the ACSAC technical program (including the ACSAC FISMA training track) are a great way to meet CPE requirements!


Technology Tutorials


Tutorial M1 – Educating Computer Security Professionals with the CyberCIEGE Video Game

Mr. Michael Thompson, Naval Postgraduate School

Monday, December 6th, Half Day

CyberCIEGE is a 3D video game that enhances computer network security education and training through constructive resource management techniques such as those employed in the Tycoon© games. In the CyberCIEGE world, players spend virtual money to operate and defend networks, and can watch the consequences of their choices, while under attack. CyberCIEGE scenarios cover network management and defense including the use of network filters, VPNs, e-mail encryption, access control mechanisms, biometrics, and PKI. Players balance budget, productivity, and security by keeping the virtual world's personnel happy (e.g., by providing Internet access) while protecting assets from vandals and professional attacks. The tutorial will cover the use of the game for education and training, and will include hands on scenario play for the audience. In addition, the tutorial will cover use of the Scenario Development Kit for creating and customizing scenarios.

While CyberCIEGE includes a set of "training and awareness" scenarios for general audiences (such as those of other computer security games like "Anti-phishing Phil"), the primary purpose of the game is broader computer security education. CyberCIEGE is built around the fundamental concepts of information security policies. Attacks are fueled by attacker motives. And motives vary by asset and scenario. The fidelity of CyberCIEGE attacks is high enough to illustrate functions of technical protection mechanisms and configuration-related vulnerabilities. For example, an attack might occur because a particular firewall port is left open and a specific component lacks a suitable patch management policy. This attack engine is coupled with an economy engine that measures the virtual user's ability to achieve goals (i.e., read or write assets). This combination enables scenarios that illustrate real-world trade-offs such as the use of air-gaps vs. the risks of cross domain solutions when accessing assets on both sensitive and unclassified networks.

CyberCIEGE was created by the Naval Postgraduate School in partnership with Rivermind Inc., and it is deployed around the world in universities, community colleges and government organizations. The US Government has unlimited use of the game, and a no-cost license to use CyberCIEGE is available to educational institutions, and hundreds of such institutions have requested the game. The target audience of the tutorial is computer security instructors and those developing security training and education programs.

Outline

  1. Overview, purpose and intended audience of the game. Introductory video. Training scenarios vs. educational scenarios. Online encyclopedia and tutorial movies. Example training scenario.
  2. Scenarios illustrating basic network security concepts. Introductory tutorial scenario. Examples of game engine triggers, conditions and attacks. Basic game mechanics. Information security policy and physical security. Hands on play by attendees of introduction scenario.
  3. Intermediate computer security concepts. Network filters and their limitations (Network filters Scenario). Access control policies and assurance (Genes R Us scenario). User identification. Encryption, VPNs, Email protection. Hands on play by attendees of filters scenario.
  4. Deploying the game for training and education. Mechanics of distribution and deployment. Use of the game to augment case studies, directed group play. Student assessment tool.
  5. Creating and customizing scenarios. Game engine: Attack models, Game economy, Triggers and conditions. Use of the Scenario Development Tool (SDT).
  6. Hands on supervised scenario play by the attendees.
  7. Example of scenario construction. SDT mechanics. Scenario testing.

Prerequisites

Attendees will each need access to a computer (e.g. laptop) having a Windows operating system. Those with Mac computers can run the game using VMWare Fusion and a Windows guest operating system. Most relatively modern laptops and notebooks will run the game. Test the game on your laptop using the free evaluation version available at http://cisr.nps.edu/cyberciege/downloads/setup-demo.exe.

About the Instructor

Mr. Michael Thompson is a Research Associate in the Center for Information Systems Security Studies and Research at the Naval Postgraduate School in Monterey, California. He is the lead engineer for CyberCIEGE and is responsible for its ongoing development and maintenance. He holds a B.S. in Electrical Engineering from Marquette University. His research interests include security engineering and high assurance computer security, and he has over twenty years' experience in the field of computer security.


Tutorial M2 – State of the Practice: Intrusion Detection

Dr. Michael Collins, RedJack, LLC
Dr. John McHugh, RedJack, LLC

Monday, December 6th, Half Day

This half day tutorial is intended to provide an overview of the state of practice in intrusion detection. It is intended to provide an understanding of the problems and potential pitfalls for researchers intending to undertake research efforts in the field, especially those who approach it from the viewpoint of other disciplines such as machine learning. The intended audience includes graduate students seeking PhD or MS topics, network security analysts who want deeper insights into the reasons why intrusion detection systems manifest relatively poor performance, and individuals desiring to evaluate intrusion detection products.

At the completion of the tutorial, the student should be conversant with the vocabulary of intrusion detection and have developed an appreciation for the difficulty of the problem area. The tutorial will cover the major classes of intrusion detection including host and network based classifications and signature and anomaly based classifications. Each of these approaches presents its own advantages and problems and each presents specific kinds of problems that need to be addressed by the research and operational communities. While there is a large body of published research in the area, relatively few of the academically developed approaches make any practical impact on the field and a unifying theme of the tutorial will be discussion of why this is the case. Specific topics of interest include the role of intrusion detection in system defense, sensing approaches, detection issues, and intrusion detection system evaluation.

Outline

  1. Introduction. Intrusion detection systems: history. Basic IDS technology: HIDS, NIDS, Signature-Based, Anomaly-Based. Major IDS families. Related technologies. Fallacies in IDS - false positives, false negatives, base-rate.
  2. General problems in IDS. Data collection. Inferential fallacies - false positives, false negatives, base-rate, prosecutor's fallacy. IDS evasion. Problems with IDS on the floor: polymorphism, packers and signature evasion, zero-days, and chair-swiveling.
  3. Signature Based IDS: State of the practice. Standard Signature Based IDS: Snort, Commercial systems. Signature management. Mechanisms for comparing and evaluating signatures. Current problems in signature based IDS: malware, signature management, deceptive signatures.
  4. Anomaly Based IDS: State of the Practice. Historical anomaly detection: timeshares. Modern anomaly detection systems. Successful anomaly detection. Current problems in anomaly based IDS: noise, training assumptions.
  5. IDS Evaluation. Data available for evaluation. ROC curves and other evaluation mechanisms. Problems in 'normalcy'.
  6. Similar Systems. IPS vs. IDS vs. Sensor. SIM/SEM. AV. DDoS Detection.

Prerequisites

None.

About the Instructors

Dr. Michael Collins is Chief Scientist for RedJack and a former scientist for the CERT/Network Situational Awareness Team at Carnegie Mellon University. In this capacity, Dr. Collins was one of the lead designers of CENTAUR and the SiLK toolkit. Dr. Collins is an expert on traffic analysis, and has developed novel methods for tracking peer-to-peer applications and applying social network analysis to network traffic. His work is used by several federal agencies for traffic analysis and network defense. He is currently working on social network analysis of web usage.

Dr. John McHugh is the Senior Principal at RedJack LLC, a network data analysis and security consulting company and holds a visiting faculty position at UNC. Before joining RedJack, he was a Canada Research Chair in Privacy and Security at Dalhousie University in Halifax, NS, and, earlier, senior member of the technical staff with the CERT Situational Awareness Team, where he did research in survivability, network security, and intrusion detection. Recently, he has been involved in the analysis of large scale network flow data using visual analytic techniques and has developed tools for characterizing host and network behavior. Dr. McHugh received his PhD degree in computer science from the University of Texas at Austin. He has a MS degree in computer science from the University of Maryland, and a BS degree in physics from Duke University.


Tutorial M3 – Algorithms for Software Protection

Dr. Christian Collberg, University of Arizona
Dr. Jasvir Nagra, Google Inc.

Monday, December 6th, Full Day

Abstract. In this tutorial we will describe techniques for software protection. These are techniques for protecting secrets contained in computer programs from being discovered, modified, or redistributed. Important applications include protecting against software piracy, license check tampering, and cheating in on-line multi-player games. With a series of interactive exercises and problems, you will get hands-on experience with methods you can use to protect your program as well as techniques that attackers use to analyze and crack applications. The attack model is very liberal: we assume that an adversary can study our program's code (maybe first disassembling or decompiling it), execute it to study its behavior (perhaps using a debugger), or alter it to make it do something different than what we intended (such as bypassing a license check). In a typical defense scenario we use code transformation techniques to add confusion to our code to make it more difficult to analyze (statically or dynamically), tamper-protection to prevent modification, and watermarking to assert our intellectual property rights (by embedding a hidden copyright notice or unique customer identifier).

Background. Software protection is a fairly new branch of computer security. It's a field that borrows techniques not only from computer security, but also from many other areas of Computer Science such as cryptography, steganography, media watermarking, software metrics, reverse engineering, and compiler optimization. The problems we work on are different from other branches of computer security: we are concerned with protecting the secrets contained within computer programs. We use the word secrets loosely, but the techniques we present in this tutorial (code obfuscation, software watermarking and fingerprinting, tamper-proofing, and birthmarking) are typically used to prevent others from exploiting the intellectual effort invested in producing a piece of software.

For example, software fingerprinting can be used to trace software pirates, code obfuscation can be used to make it more difficult to reverse engineer a program, and tamperproofing can make it harder for a hacker to remove a license check.

Outline

  1. Introduction. What is software protection? What problems do we work on?
  2. Attack Models. Who is our adversary? What techniques are at his disposal?
  3. Code Obfuscation. Code transformation techniques for preventing malicious reverse engineering of programs. How do we defeat static analysis? How do we defeat dynamic analysis? How can adversaries use obfuscation to affect the results of electronic voting?
  4. Obfuscation Theory. Theoretical background to obfuscation. What can we hide in a program? What can't we hide in a program?
  5. Tamperproofing. Techniques for preventing modifications of programs. How can we stop the removal of licensing checks? How can we stop cheating in on-line games? How can we prevent attacks against the TCP stack that could potentially take down the Internet?
  6. Watermarking. Techniques for embedding unique identifiers in programs to prevent software piracy.
  7. Conclusion. Directions for future research.

Prerequisites

An understanding of basic compiler/program analysis techniques is helpful, but not necessary.

About the Instructors

Dr. Christian Collberg received a BSc in Computer Science and Numerical Analysis and a Ph.D. in Computer Science from Lund University, Sweden. He is currently an Associate Professor in the Department of Computer Science at the University of Arizona and has also worked at the University of Auckland, New Zealand, and the Chinese Academy of Sciences in Beijing. Prof. Collberg is a leading researcher in the intellectual property protection of software, and also maintains an interest in compiler and programming language research. In his spare time he writes songs, sings, and plays guitar for The Zax and hopes one day to finish up his Great Swedish Novel.

Dr. Jasvir Nagra received his B.Sc. in Mathematics and Computer Science and a Ph.D. in Computer Science from the University of Auckland, New Zealand. He has been a Post Doctoral scholar on the RE-TRUST project at the University of Trento, where his focus was on applying obfuscation, tamperproofing and watermarking techniques to protect the integrity of software executing on a remote untrusted platform. His research interests also include the design of programming languages and its impact on the security of applications. He is currently with Google, Inc., where he is building Caja, an open-source secure subset of JavaScript. In his spare time Jasvir dabbles with Lego and one day hopes to finish building his Turing machine made entirely out of Lego blocks.


Tutorial M4 – System Life Cycle Security Engineering

Ms. Thuy D. Nguyen, Naval Postgraduate School
Dr. Cynthia E. Irvine, Naval Postgraduate School

Monday, December 6th, Full Day

Within the discipline of systems engineering, information systems security engineering (ISSE) applies information assurance principles across a system's life cycle. Grounded by underlying security principles and a rigorous methodology, ISSE follows the "system thinking" approach for assessing system security behaviors based on dependencies, interactions and emergent properties of its components in the context of a larger system.

This tutorial aims to provide attendees with an overview of the ISSE methodologies and processes for the design, implementation and assessment of risk-based security solutions. Concepts and practices of information systems security engineering are presented from a system life cycle perspective. Core topics include security requirement engineering, architecture and design analysis, system implementation assessment, requirements/implementation traceability correspondence, security test and evaluation strategy, and risk management. These topics are structured to follow the NIST risk management framework. In each stage of the system development life cycle, the roles and responsibilities of the ISSE team are explained.

Through the tutorial, attendees will understand the importance of capturing users' needs in a tractable form to guide development and risk analysis activities. They will become familiar with the properties used to evaluate different security architectures, the inherent trust problems relating to the composition of systems and components, and the security issues associated with adapting existing systems to meet the need for technological and environmental evolution.

Outline

  1. Introduction to Information Systems Security Engineering. This module presents an overview of the following ISSE activities in a system development life cycle: (1) Discover Information Protection Needs; (2) Define System Security Requirements; (3) Design System Security Architecture; (4) Develop Detailed Security Design; (5) Implement System Security. This module also explores the Risk Management Framework defined by NIST and reviews ISSE responsibilities in the risk management cycle of a system to assess the effectiveness and residual risk of the system's protection mechanisms.
  2. Life Cycle Assurance Practices. This module emphasizes the "baked in" security strategy and the notions of defense in breadth and defense in depth. Topics to be covered include: (1) Defense in breadth: evaluating risk throughout a system's life cycle; (2) Defense in depth: protecting against attacks by employing appropriate protection mechanisms in key areas; (3) Trust relationships among components in large/complex systems: composition, balanced assurance, interconnection.
  3. Security Requirement Engineering. This module presents a general security requirements engineering framework that includes the following activities: (1) Security requirements elicitation; (2) Threat/risk analysis; (3) Security requirements derivation; (4) Security requirements validation.
  4. Security Architecture and Design. This module focuses on the following: (1) Architectural properties and strategies for reasoning about the security architecture of a system; (2) Security design requirements and engineering activities for developing and analyzing the security design for a secure system.

Prerequisites

It is assumed that participants have knowledge of basic security concepts and principles, and an understanding of computer, software and network security fundamentals. In addition, familiarity with system life cycle assurance (including threat characterization and risk analysis) and general systems engineering processes would be useful.

About the Instructors

Ms. Thuy D. Nguyen is a Senior Research Associate of Computer Science at the Naval Postgraduate School in Monterey, California. She has 25 years of experience and specializes in high assurance software and systems development, security evaluation and information systems security engineering. Ms. Nguyen performs research on high assurance platforms, trusted operating systems and separation kernels, secure collaborative applications, MLS federated architectures and dynamic security services. She is the lead architect/engineer of the MYSEA multilevel secure (MLS) project and oversees the construction of an MLS testbed. She co-authored a Common Criteria Protection Profile for highly robust separation kernels and a draft Computing Platform Architecture and Security Criteria for the High Assurance Platform Program. She has developed and taught courses on security requirements engineering and applied information systems security engineering. Prior to NPS, she developed commercial security products, including a TCSEC Class A1 security kernel.

Dr. Cynthia E. Irvine is a Professor in the Department of Computer Science and Director of the Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduate School, where she has worked since 1994. She was the founding director of the Cebrowski Institute at NPS from 2001 to 2003. A graduate of Rice and Case Western Reserve Universities, her research centers on the design and construction of high assurance systems and multilevel security. The author of over 150 papers and reports on cyber security, she has supervised over 120 Masters and PhD students. Dr. Irvine has served on numerous government computer and network security committees and review boards. Her memberships include: the ACM, ASP (life), IEEE (Senior) and the IEEE Computer Society Golden Core. A recipient of the Navy Information Assurance Award as well as numerous research and service awards, she served as Chair of the IEEE Technical Committee on Security and Privacy from 2007 to 2009.


Tutorial T5 – Virtualization and Security

Mr. Zed Abbadi, Public Company Accounting Oversight Board (PCAOB)

Tuesday, December 7th, Half Day

In recent years, virtualization has become one of the most deployed technologies in the IT field. It provides clear benefits when it comes to utilization, maintenance, redundancy and lower power consumption. However, just like every new technology, virtualization is still evolving and there are still unanswered security questions. Virtualization is a concept that encompasses many types of technologies used in different configurations and for a variety of reasons. Each one of these technologies presents its own unique sets of security challenges and benefits.

This tutorial will provide a basic understanding of the various virtualization technologies and discuss the security aspects and characteristics of each one. It will provide the audience with valuable material on how to utilize virtualization to decrease risks from security attacks and how to avoid vulnerabilities that may accompany virtualization technologies.

Outline

  1. Virtualization Basics: An introduction to the various types of virtualization technologies and their typical usage. This includes server and client virtualization, and the different software/hardware solutions that exist in the market today.
  2. Server Virtualization Security: A detailed discussion focused on server virtualization and the underlying security benefits and challenges. The discussion will cover bare-metal (monolithic vs. microkernel) and hosted technologies.
  3. Client Virtualization Security: A detailed discussion focused on client virtualization and the underlying security benefits and challenges. The discussion will cover desktop (local and hosted) and application (local and hosted) virtualization technologies.
  4. Other Virtualization Technologies: Other evolving virtualization technologies, including OS Streaming and Workspace Virtualization, and the security implications that accompany them.

Prerequisites

General understanding of computer architecture and basic security concepts.

About the Instructor

Mr. Zed Abbadi is an Application Security Manager with the Public Company Accounting Oversight Board (PCAOB). He has over 18 years of experience in software and security engineering. His experience ranges from providing security consulting services to building large-scale software systems. In his current role he is responsible for the security of all software applications that run on PCAOB's infrastructure.

Zed holds a Bachelor of Science in Computer Science and a Masters degree in Systems Engineering from George Mason University. He is a published author and has presented at various security conferences.


Tutorial T6 – Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond

Mr. Robert H'obbes' Zakon, Zakon Group LLC

Tuesday, December 7th, Half Day

The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 (2010 edition) along with other risks, and discusses the techniques and practices to protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or simply are a security enthusiast.

Outline

  1. Introduction. Overview of the need for secure coding practices in web application development.
  2. The OWASP Top 10. From Injection and Cross-Site Scripting (XSS) to Insecure Cryptographic Storage and Cross-Site Request Forgery (CSRF) — we will cover OWASP's Top 10 Risks in detail — how these risks lead to vulnerabilities, and how to mitigate them.
  3. Beyond the Top 10. The Top 10 are not meant to be comprehensive, but to make developers aware of the most commonly encountered risks. Here we will cover additional risks and vulnerabilities that every web developer needs to be aware of, along with how to mitigate them.
  4. Gotchas, Pitfalls & Prevention. In addition to secure coding practices addressing potential vulnerabilities, there are still some underlying technologies that could result in unintended consequences. Learn about what these are and how to prevent them from being exploited.
  5. Security Tools & Resources. It's a half-day course, so you get lots of references to additional resources and tools.

Prerequisites

Some understanding of web application development may be helpful when discussing risk mitigation techniques.

About the Instructor

Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy, over 15 years ago. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's infosec group, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org.

Prior Feedback

Following are quotes from prior attendees of Mr. Zakon's web development security tutorials:

"Presented in a very structured format. Instructor knew his stuff. Good presentations."

"Very knowledgeable! Covered a lot of topics in a limited amount of time"

"The presenter was excellent. He didn't present an overload of information. The day went very quickly and I am leaving with a lot of valuable information"

"The slides were excellent - full of good code examples and explanations"

"Material that was presented was presented and covered well. Instructor is very knowledgeable"

"Handouts & presentation well organized & coordinated"


Tutorial T7 – State of the Practice: Secure Coding

Mr. Robert C. Seacord, CERT, Software Engineering Institute

Tuesday, December 7th, Full Day

State of the practice courses provide an introduction and overview of the current state of research in a particular discipline, with the intent of giving beginning doctoral students an overview of the research, technology and outstanding problems in that discipline. This state of the practice tutorial describes the state of the practice in secure C language programming as defined by the C99 standard and the emerging C1X standard. The tutorial also identifies outstanding problems in these standards and identifies where further research is necessary. The tutorial also describes The CERT C Secure Coding Standard as well as the work and progress of the WG14 C Secure Coding Guidelines study group.

Outline

  1. History of C language programming. Origins. The C90, C99, and C1X standards. Common vulnerabilities. The role of secure coding standards.
  2. C programming language and library research. Implementation-defined, unspecified, and undefined behaviors. Poorly designed library functions. Poorly understood behaviors. Dangerous optimizations. Unmanaged environments. Encoding and decoding pointers. Security attributes. Concurrency.
  3. C1X improvements. Annex K Bounds-checking interfaces. Annex L Analyzability. Static Assertions. File I/O.
  4. Analysis Research. Static analysis. Dynamic analysis. Safe secure C/C++ methods. Model checking. Contributing analysis tools: case studies.
  5. Runtime protection schemes research. Randomization. W^X. Pointer encoding/decoding. Secure heap. Capability-based systems.
  6. Additional Research Areas. Underlying causes of vulnerabilities, effective and enforceable secure coding guidelines, and effectiveness of static analysis in analyzing open source software.

Prerequisites

Tutorial participants should be familiar with C language programming. Practicing C and C++ programmers will derive the greatest benefit but programmers who use other languages such as Java will also find the tutorial useful.

About the Instructor

Mr. Robert C. Seacord is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and Secure Coding in C and C++ (Addison-Wesley, 2005), providing guidance on secure practices in C and C++ programming. Seacord leads the Secure Coding Initiative at CERT, located in Carnegie Mellon's Software Engineering Institute (SEI) in Pittsburgh, PA. CERT's Secure Coding Initiative develops and promulgates secure coding practices and techniques, such as CERT's Secure Code Analysis Laboratory (SCALe), the first to certify software for conformance with secure coding standards. His research group develops publicly available tools for the analysis and development of secure software. Seacord is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute and frequent speaker throughout the world. Seacord is also a technical expert for the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.


Tutorial T8 – An Introduction to Usable Security

Dr. Jeff Yan, Newcastle University, UK
Mary Ellen Zurko, IBM, USA

Tuesday, December 7th, Full Day

For a long time, computer security was mainly concerned with the design of various technical mechanisms for defending against adversaries, as well as with the underlying mathematical foundations such as cryptography primitives. However, the usability of such technical mechanisms was largely ignored, which unfortunately has proved a major cause of many computer security failures. In particular, many technical solutions though theoretically sound were practically insecure because of their poor usability.

In recent years, "usable security" (or "security usability") has attracted fast growing attention in both academia and industry. More and more people agree that we need usable security systems - unusable secure systems are not used properly or at all, and thus only usable systems can provide effective security. However, there is less agreement about how to design systems that are both usable and secure.

Outline

This full-day tutorial will give an overview of the field of usable security with the focus on principles, approaches and research methods of usable security. A large number of real-life examples will be used to illustrate that it is feasible to develop security solutions that are simultaneously secure and usable. With the aim to enable participants to both evaluate and produce high-quality work in usable security, the tutorial is tentatively structured as follows:

  1. Part 1: Fundamentals. How security has failed due to the failure of usability of security technologies. Psychological aspects of computer security, highlighting that what security engineers expect to work and what users actually make work can differ greatly. The contrast between theoretical and effective practical security will be highlighted. Examples of how security has failed due to usability will enable the attendee to recognize common mistakes. Early research in the field will be touched on, providing a background on motivations and a historical context for the field.
  2. Part 2: Approaches and methods. Common approaches to usable security and relevant design principles for security usability will be discussed. Methods for improving security usability and methods for empirically establishing such improvement will be discussed in detail. Usability techniques successfully applied to security, including usable design (with an emphasis on error handling and task flow), lab user studies (a field advanced enough that simple and useful guidance is available in book form), field user studies, and techniques for evaluating organizational cultures. The difficulties peculiar to the usability of security will also be discussed.
  3. Part 3: Case studies. Real-life examples illustrating how security and usability can be simultaneously improved, and how the principles and methods introduced in the previous part were applied. Reflections and critiques on the application of the methods. Topics that have received much attention will be highlighted, including authentication (particularly password use and graphical authentication), access control and authorization, phishing defenses, the utility of education of the user, and CAPTCHAs. The impact of organizational culture will receive particular attention, as we expect compliance, education, and organizational rules and guidelines to be of particular interest to ACSAC attendees. Recent usable security and privacy research in social networks will also be included.
  4. Conclusions.

Prerequisites

Basic understanding of computer security. The intended audience is security researchers who want to step into the field of usable security, and security practitioners who wish to understand the impact of usable security on their work and to integrate some of its lessons, techniques, and developments. PhD students and new researchers in usable security who want a quick start in the field will also benefit. Those who want to teach this topic will also find the tutorial relevant: a set of summary notes and a large number of pointers to further reading will be provided, so that it should be easy to extend the tutorial into a full course.

About the Instructors

Dr. Jeff Yan is on the faculty of computer science at Newcastle University, England. He holds a PhD in computer security from Cambridge University. The password security and memorability study he carried out with colleagues in 1999-2000 was an early influential work in the field of usable security. He is a contributor to the O'Reilly book "Security and Usability: Designing Secure Systems that People Can Use" (2005), the first book on usable security, and was on the program committee for the first Symposium on Usable Privacy and Security (SOUPS), held at Carnegie Mellon in 2005. Recent work on usable security in his team includes 1) a novel graphical password scheme (CCS'07), which was selected by the Royal Society, the UK's national academy, for its 2008 Summer Science Exhibition, and 2) work on the robustness and usability of CAPTCHAs (CCS'08, SOUPS'08), which has influenced the design of a number of CAPTCHAs, including those deployed by Microsoft and Yahoo!

Mary Ellen Zurko is security architect of the collaboration cloud offerings at IBM. She has over two decades of experience in user-centered security, spanning product development, early product prototyping, and research. Her experience covers the entire lifecycle of software products, from initial product definition and delivery to mature product maintenance, with an emphasis on distributed middleware and collaboration. She is chair of the steering committee of the International WWW Conference series, a member of the steering committee of the New Security Paradigms Workshop, and a senior fellow of ACSA.