Vision Statement

December 19 , 2005

Tiger Team Winners Announced

- Keith Edwards

Information security technologies are critical in the networked age. And yet, very often, these technologies are so unusable, misunderstood, or unworkable that they are circumvented by the very people they are intended to protect.

The lack of technology that is both secure and usable is a huge and growing problem. In the enterprise, the problem translates into millions in IT costs to integrate awkward security systems into business practices, often only to find that these systems are ignored by users who find that they interfere with their work. In the home, the problem manifests itself as consumers who are unaware of the threats around them and how to counter those threats, with the result being that the home is now the weakest link in the global information infrastructure.

The Georgia Tech Information Security Center (GTISC) and the Graphics, Visualization, and Usability (GVU) Center are addressing the challenge of usable security through an innovative, grassroots mechanism. In Fall 2005, the two centers hosted a "tiger team" competition, in which multidisciplinary student design teams worked together to craft proposals to address pressing problems in usable security. These proposals combine best-of-breed research in both information security and human-computer interaction, to deliver new technologies that satisfy the need for strong security while fitting into the needs, practices, and skills of ordinary users.

From the competition, three proposals were selected for development:

Bonfire. The warning messages produced by commercial firewall products can rapidly overwhelm users, with the result that many people simply allow any requested traffic to breach their firewall. The Bonfire project will address this problem through a technique called social navigation: Bonfire will aggregate the actions of thousands or millions of users, distributed throughout the Internet, to provide guidance about appropriate firewall configuration and use.

TALC. One of the challenges with making security technologies usable is that most information security threats are essentially invisible. TALC, which stands for Threat Awareness, Learning, and Control, aims to bring these threats into the foreground. TALC will provide a system that visualizes threats to the user, and provides integrated mechanisms to mitigate those threats.

"Click and Drag" Security. The existing direct manipulation interfaces that computers use (windows, pointers, icons, and so forth) have been hugely successful. And yet, the metaphors and techniques of this interface style have been abandoned by most security products, which rely on arcane textual messages. The "Click and Drag" project aims to integrate security directly into the desktop metaphor, by finding new visual representations and interaction techniques for accomplishing security management.

GTISC and the GVU Center are dedicated to leading the way toward a new generation of information security technologies that provide both cutting-edge security and deep usability. The centers combine international expertise in security and human-computer interaction and, though their connections with industrial partners, provide a path to impact the products and services that will deliver innovations to the marketplace.

For more information, please contact: Stefany Wilson, stefany.wilson@cc.gatech.edu