5 random links about design

Written on 6 February 2017, 10:31pm

Tagged with: , , , ,

1. When bad design leads to catastrophes

The Three Mile Island accident was a partial nuclear meltdown that occurred on March 28, 1979, in reactor number 2 of Three Mile Island Nuclear Generating Station (TMI-2) in Dauphin County, Pennsylvania, United States. It was the most significant accident in U.S. commercial nuclear power plant history. […]
The mechanical failures were compounded by the initial failure of plant operators to recognize the situation as a loss-of-coolant accident due to inadequate training and human factors, such as human-computer interaction design oversights relating to ambiguous control room indicators in the power plant’s user interface. […]
Despite the valve being stuck open, a light on the control panel ostensibly indicated that the valve was closed. In fact the light did not indicate the position of the valve, only the status of the solenoid being powered or not, thus giving false evidence of a closed valve.
Three Mile Island accident

2. How to deal with the paradox of choice

Reducing the number of choices for a user has, therefore, become the focus for many of today’s apps. This has been done in a number of ways:
1. Make the options more relevant (personalized recommendations)
2. or go a step further by making decisions on the user’s behalf, totally removing the burden of choice (ex. Google Now)
This notion of making decisions for users has been called “anticipatory design” and has become a topic of debate because of the ethics involved in making decisions on behalf of users
How To Build Honest UIs And Help Users Make Better Decisions

(more…)

Security concepts #2

Written on 29 January 2017, 09:40pm

Tagged with: ,

Functional requirements – what a system must do.
Non functional requirements – how the system must behave. On top of performance, usability, maintanability -> security.
CIA – Confidentiality (Privacy), Integrity, Availability + non-repudiation

Attacker levels

kid-level: unskilled, opportunistic, bragging rights
malware/ransomware: automated, opportunistic, financial gain
professional attacker: highly skilled, resources, persistent, adapt to their targets
nation state level: best skills available, big resources, goals – aligned with the country military/geo-strategic objectives

Vulnerability / exposure / security incident

Vulnerability types: bugs and flaws. Bugs – defects in the development process; could be detected by automated tools. Flaws – defects in the design process; could not be detected by automated tools.
A vulnerability does not necessarily cause an impact. It needs 2 more steps:
Exposure: if the vulnerability becomes known to an attacker
Security incident: if the attacker takes advantage of the exposure to perform an attack

Vulnerability assessment: black box vs white box testing
Black box – no access to the source code, hosting environment, etc
White box – full access to the source code, hosting, etc

Some principles:

– minimize the attack area
– secure defaults (coding and configuration)
– fail securely (defensive coding)
– give least privilege (need to know)
– multiple layers (ex. encrypted USB key, in a locked safe)
– no security by obscurity
– keep the design simple

Identification, Authentication, Authorization

Identification – who are you?
Authentication – how can you prove who you are?
Authorization – what can you do once authenticated?

Some specifics

– don’t say why the authentication failed (‘wrong username’ -> enumeration, ‘wrong password’ -> brute force attack)
– do not change data on the server via a HTTP GET request
– allow pasting passwords
– do not make the “Log out” option difficult to find
– just use HTTPS