Amir Herzberg <amir@herzberg.name> writes:

Ka Ping Yee, User Interface Design for Secure System, ICICS, LNCS 2513, 2002.

Ka-Ping Yee has a web page at http://zesty.ca/sid/ and a lot of interesting things to say about secure HCI (and HCI in general), e.g. a characterisation of safe systems vs. general-purpose systems: In order for Alice to use her computer usefully, she has to be able to instruct programs to do things for her. In order for those programs to carry out tasks, she has to trust those programs with some authority. So every useful operation involves making the system a little bit less safe. In order to keep the system from becoming unboundedly unsafe, Alice must also be able to make her system more safe. A system in an ultimately safe state is one that can't do anything other than what was planned ahead of time. General-purpose computing is useful to Alice only because she can make unpredictable inputs into the system, asking it to do new things. Peter.