Integrating a Usable Security Protocol Into User Authentication Services Design Process
Braz, Christina, Seffah, Ahmed, Naqvi, Bilal
- Publisher: Auerbach Publication
- Publication date: 2020-09-30
- Price: $2,180
- VIP price: 5% off, $2,071
- Language: English
- Pages: 394
- Binding: Quality Paper - also called trade paper
- ISBN: 0367656922
- ISBN-13: 9780367656928
Related categories: Information Security
Product description
There is an intrinsic conflict between creating secure systems and usable systems. But usability and security can be made synergistic by providing requirements and design tools with specific usable security principles earlier in the requirements and design phase. In certain situations, it is possible to increase usability and security by revisiting design decisions made in the past; in others, to align security and usability by changing the regulatory environment in which the computers operate. This book addresses creation of a usable security protocol for user authentication as a natural outcome of the requirements and design phase of the authentication method development life cycle.
About the authors
Christina Braz has been working with usable security in the area of computer security (particularly user authentication and identity management) since 2002. She earned her PhD in Cognitive Computing from the University of Quebec, Montreal, and a Master of Science in Electronic Commerce from the Department of Computer Science and Applied Research, University of Montreal. Dr. Braz's work experience spans over 15 years in the Computer Security, Finance, Mobile Computing, and Telecommunications industries, working in consultancy and corporate environments such as Scotiabank, Citibank, Symantec, RSA Security, VeriSign, and Roger Telecommunications. She has also held positions as Information Assurance Instructor at Northeastern University in Boston, MA and Graduate Teaching Assistant at HEC Montreal, QC, Canada. She has been publishing papers in the field of Human Computer Interaction Security (HCISec) for the past 10 years. Some of her main projects are investments and banking mobile applications; usable security symmetry: a security and usability inspection method; GlancePass: a usable, single-factor, and yet strong biometric authentication method; MobiTicket: a wireless-based (SMS) auction application for selling concert tickets through mobile devices; and finally, AuthenLink, an authentication system to automatically authenticate mobile users through an implantable RFID chip. Dr. Braz currently works for Scotiabank in the Research & Development division in Toronto, Canada.
Ahmed Seffah is a professor of human-centric Software Engineering at Lappeenranta University of Technology, Finland. Previously, he was a faculty member and the Concordia University research chair on human-centered software engineering. Professor Seffah was a visiting professor at various universities and research centres, including IBM, University of Lausanne, Daimler Chrysler and the Computer Research Institute of Montreal. He co-authored five research books and essays, the latest one on the "Patterns of HCI Design Patterns and the HCI Design of Patterns." His main research interest is understanding human aspects and the measures for quantifying software quality from a human perspective, as well as avenues for integrating HCI design, user-centric engineering, UX design practices and all similar ones into the wider software and systems engineering processes. His visible contributions include the gaps and bridges between HCI design practices and software engineering methodologies such as agile, model-driven and service-oriented, toward building a unifying theory of human-centric software design and engineering.
Bilal Naqvi is a Registered Computer Software Engineer and an expert in Information Security. Besides research, he has held a full-time teaching position at an engineering university in Pakistan. He is currently pursuing a PhD in Software Engineering in Finland, with a focus on human aspects related to computer security. The main goal of the research is the development of design patterns for addressing usability and security conflicts.