OAKLAND, Calif. -- The industry needs to radically rethink its approach to security research and concentrate on some of the larger problems, such as usability and transparency, rather than some of the more granular technical issues, according to a panel of experts at the IEEE Symposium on Security and Privacy.
"Just as the Graphical User Interface enabled users to know where their data was kept, we need a similar breakthrough to enable the user to keep track of who has access to their data," said Microsoft Research's Daniel Simon, a cryptographer.
Likewise, transparency means that users would know what applications are doing and why (spyware, for example). "Right now, the only difference between a virus and an application is that a virus does things that the user does not like. Otherwise, they look exactly the same," said Simon.
Carnegie Mellon's Mike Reiter agrees. "Usability is a very important problem," he said. "Because there is an inherent relationship between trust and usability."
It's a relationship that malicious hackers sometimes exploit, he warned. "Usability promotes trust. Users are far more likely to enter their credit card information on a Web site that is well designed."
Virgil Gligor, a computer-engineering professor at the University of Maryland, is more interested in investing research dollars in some of the more traditional areas, such as securing mobile ad hoc networks.
"If you have a large number of mobile ad hoc network nodes, how do you know that one of those nodes has not been captured and compromised?" he asked. "And how do you develop policies and practices that enable you to revoke nodes' rights that you think might be compromised?"