RE: Some studies on the visibility of EV sites.

> > You could start by attacking the users and observing what
> > they do.  Of course, telling them ahead of time that the
> > study is about security and that they will be attacked is
> > going to confound your results.  I would hope that everyone
> > can agree on this very basic point.

> It's kind of hard to bring people into a lab situation without them
> making any assumptions as to the purpose of the study. If you tell the
> users that they are looking at a prototype you confound the results.
> They are now likely to interpret failures or errors as being due to the
> lab environment.

> We don't usually take users into a lab and attack them in ways that are
> likely to result in real harm.

> And I don't think we can do attacks in the field very easily and stay
> within ethical and legal boundaries. We can observe actual responses to
> attacks.

Well, we sort of did that in the Notes ECL study:
http://www.acsa-admin.org/2002/papers/7.pdf

Not that that was perfect or anything. But it was in the wild, and it used
instrumentation to tell if users fell for the "attack", which was
executing unsigned code. The code itself was harmless (though running the
study was not without side effects). And we were all much younger then and knew
a lot less about testing these things.

Received on Friday, 7 March 2008 17:01:16 UTC