O'Reilly logo

Security and Usability by Simson Garfinkel, Lorrie Faith Cranor

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter Seventeen. Simple Desktop Security with Chameleon

A. Chris Long and Courtney Moskowitz

CHAMELEON IS A DESKTOP INTERFACE AIMED AT HOME COMPUTER USERS THAT IS DESIGNED TO REDUCE the damage caused by malicious software, or malware —for example, viruses, worms, and Trojan horses. Malware is especially a problem for home computer users, in part because on most home computers all software runs with full access to all parts of the system. For example, an email attachment or a file downloaded from the Web has freedom to do anything to any part of the computer.

Introduction

The Chameleon design philosophy is to put the user, and thus the user interface, first. Frequently, security practitioners design detailed security models and mechanisms, then implement them in software or hardware, then design interfaces to expose the security features to users, or to application programmers who then expose them to users. In contrast, our project began with a very high-level idea of the security model of the system, and then moved straight to the user interface design. Details of the security model and decisions about the implementation are driven by the primary focus of making the interface easy to understand and convenient to use.

In the physical world, we have reasonable security in spite of a lack of fine-grained security mechanisms. For example, we routinely allow only partly-trusted people into homes, such as friends for socializing and repairmen to fix our utilities. We often monitor them ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required