An attack on paypal --> secure UI for browsers
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jun 9 19:21:57 PDT 2003
Amir Herzberg <amir at herzberg.name> writes:
>Ka Ping Yee, User Interface Design for Secure System, ICICS, LNCS 2513, 2002.
Ka-Ping Yee has a web page at http://zesty.ca/sid/ and a lot of interesting
things to say about secure HCI (and HCI in general), e.g. a characterisation
of safe systems vs. general-purpose systems:

  In order for Alice to use her computer usefully, she has to be able to
  instruct programs to do things for her. In order for those programs to
  carry out tasks, she has to trust those programs with some authority. So
  every useful operation involves making the system a little bit less safe.
  In order to keep the system from becoming unboundedly unsafe, Alice must
  also be able to make her system more safe.

  A system in an ultimately safe state is one that can't do anything other
  than what was planned ahead of time. General-purpose computing is useful to
  Alice only because she can make unpredictable inputs into the system, asking
  it to do new things.

Peter.