In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)
Title: Mismorphism: a Semiotic Model of Computer Security Circumvention
Author(s): Sean Smith, Ross Koppel, Jim Blythe, Vijay Kothari
Keywords: Circumvention, authentication, authorization, usability.
Abstract: In real world domains, from healthcare to power to finance, computer systems are deployed with the intention of streamlining and improving the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Well-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems. This paper reports on our work compiling a large corpus of such incidents and developing a model based on semiotic triads to examine security circumvention. This model suggests that mismorphisms—mappings that fail to preserve structure—lie at the heart of circumvention scenarios; differential perceptions and needs explain users’ actions. This paper supports this claim with empirical data from the corpus.
Download count: 1069
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.