Usable Morality - PowerPoint PPT Presentation

Description:

Malware scanners are imposing a moral order as your proxy. If malware scanners can't make the decision automatically, usability problems abound ...

Slides: 20
Provided by: katinka1

Transcript and Presenter's Notes


1
Usable Morality
  • A Challenge for End User Security

Luke Church, Alan Blackwell luke_at_church.name,
Alan.Blackwell_at_cl.cam.ac.uk
2
Agenda
  • Security policies
  • As programming
  • Morality
  • Security policy surrogate
  • Legal analogy
  • Malware scanner usability issues

3
Security Policies
4
Security Policies
  • Text-book approach to security
  • Threat Model
  • Security Policy
  • What mechanisms are supposed to achieve
  • Deploy Security Mechanisms

5
Policies -> Mechanisms
(And many 1000s of other such settings)
6
Security Policies as Programming
  • Behavioural Description
  • Declarative programming
  • Abstraction issues
  • Collection of vapid statements?
  • Why is it hard?
  • Bridging ontologies
  • Creation of abstractions
  • Consistency
  • Malicious advisories
  • Attention investment for the future

7
Morality
8
Morality as a Policy Surrogate
  • End users use moral judgements as a surrogate for
    security policies
  • Programs are good/bad
  • Now embedded in security parlance
  • Malware, Trusted/Untrusted
  • Continuum of moral categories?

9
Complexities with a moral perspective
  • Corporate influences
  • Mac OS X guards against shady characters who
    could so easily take control of your system
  • Complexity
  • Sony's DRM Rootkit
  • MS response via Removal tool shows complexity
    and intentionality
  • Tradeoffs of goods
  • E.g. Performance vs. Security

10
Moral Orders
  • Secure by Default doctrine
  • Configuration too large and too hard to get right
  • Need Shrink-wrap security policies
  • > Shipping a set of moral norms
  • What are you really buying when you're buying
    Anti-Virus?
  • Subscription to a moral order?
  • Do you trust MS/Apple/Symantec to define your
    moral system for you?
  • Are you willing to pay them to do so?

11
Malware Scanners
  • Are you a saint or a sinner inside?

12
Malware Scanner Legal Analogy
Software                        | Legal
Unknown software presumed good  | Innocent until proven guilty
Evaluated                       | Tried
Signature detection             | Database of suspect DNA
???                             | Expert witnesses for technical evidence
Permitted or quarantined        | Imprisoned
Deleted                         | Executed
13
Malware Scanners
  • Moral evaluation of a stranger
  • Traditionally has been entirely automated
  • But sometimes requires help
  • (Here's some evidence about an application, what
    do you want to do?)

14
Malware UI example
    ' Show the name of each file in C:\Temp in a message box
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.GetFolder("C:\Temp")
    For Each file In f.Files
        MsgBox file.Name
    Next

15
Usable Malware Scanners
  • Evidence
  • Very complex, abstract, future based
  • No expert witnesses
  • SEC-HCI issues
  • Cognitive Channels
  • Asymmetric Usability
  • Needed
  • Hampering security progress
  • Anti-virus is looking weak
  • Legal need (Zango vs. FTC)

16
Moral issues
  • Moral ambiguity
  • Malware, bundleware
  • Sony's DRM Rootkit
  • Morale Hazard
  • A partial solution is dangerous
  • Social Software
  • Democratisation of security?
  • Brings its own problems

17
Summary
  • Security policy programming is hard
  • End users use morality as a surrogate for a
    formal policy definition
  • Malware scanners are imposing a moral order as
    your proxy
  • If malware scanners can't make the decision
    automatically, usability problems abound

18
Points to discuss?
  • Is what we need a shared model
  • (Malware scanner <-> user)
  • to discuss implications of actions?
  • What part would a moral model have in this?

19
Questions?