

                      Security as Experience & Practice
                        Supporting Everyday Security

                               Paul Dourish
           Donald Bren School of Information and Computer Sciences
    California Institute for Telecommunications and Information Technology
                                 UC Irvine

privacy and security

 • alternative formulation of security “problem”
   – one that people routinely encounter and solve
      • the question is, how?
 • usual approach:
   – use security ideas to tackle privacy problems
      • P3P, ACLs,
 • alternative approach:
   – use privacy ideas to tackle security problems
      • focus on ongoing management and situated practice

Altman’s model

 • borrowed a model from Irwin Altman
   – Altman’s primary concern is f2f interaction
      • management of interpersonal space, etc
 • three key ideas
   – a dialectic…
   – … and dynamic process of …
   – … boundary regulation

privacy as a process

 • privacy is not rule-governed
 • an optimization
   – continuum of degrees of openness and closedness
   – managing against conflicting goals
   – personal, interpersonal, organizational, institutional
 • systemic
   – many regulatory behavioral mechanisms
   – operate as a system
      • a collective response to circumstances and needs

managing boundaries

 • the destabilizing effect of technology
   – disrupting the regulation of boundaries
      • by setting up new boundaries or replacing existing ones
      • by transforming the ways in which actions are mediated
      • etc…
 • a look at three of these boundaries
   – disclosure
   – identity
   – temporality

empirical investigation

 • studies of everyday security practices
   – security as a barrier
      • homogeneous treatment of “threats”
         – spammers, hackers, stalkers and marketers
   – delegating security
      • to technology
      • to individuals
      • to organizations
      • to institutions
   – security as a problem

our approach

 • moving away from normative models
   – inherently contingent
 • moving away from abstract descriptions
   – resolved in-the-moment
 • practical action and decision-making
   – always part and parcel of the same setting
   – social, organizational, cultural, temporal context

technical approach

 • supporting informed decision-making
   – providing a context for security actions
   – seeing the consequences of your actions
 • a twin approach
   – visualization
      • continual visual monitoring
      • exploit ability to perceive structure and regularities
   – event-based architectures
      • integrate information from many sources
      • balance individual and holistic accounts
      • event inference and analysis

scenario architecture

 [Figure: scenario architecture diagram. Surviving labels: View (three instances), Application, Vavoom loader, YANCEES, "publishes", "events", Sequence]

 • security as an everyday phenomenon
 • grounding
   – empirical
      • investigations of real-world security practices
   – analytic
      • development of Altman’s model
 • technological implications
   – non-normative stance
   – integrating decision-making and action
