An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

Loading...
Thumbnail Image
Authors
Potter, Trek C.
Subjects
Cloud Computing
File Sharing
Insider Threat
Information Assurance
Usability
HCI
HCI-SEC
Human Factors
Advisors
Shaffer, Alan
Garfinkel, Simson
Date of Issue
2001-06
Date
Sep-12
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
To operate effectively and maintain national security, the DoD relies on the ability to ensure authorized access to information, while protecting that information from unauthorized users. Non-malicious insider threats involving information leakage typically receive little attention, though their impact is significant. This thesis focuses on how the act of file sharing contributes to non-malicious insider threats. Current file sharing methods provide neither the usability users require nor the security the organization requires. Security without usability results in users bypassing securing features, and systems that are usable but not secure are invariably compromised. Therefore, usability and security must be properly aligned to attain true security. Cloud-based file sharing technologies provide promising alternatives for both usable and secure file sharing. As the federal government moves toward the cloud, new programs assess the back-end security of commercially available cloud-based technologies. Building on prior research, this thesis develops a methodology for evaluating the usability and security of cloud-based file sharing technologies from the end-user perspective. This methodology adapts and combines the concepts of heuristics evaluation and cognitive walkthrough. Specifically, the heuristics evaluation assesses whether a cloud-based file sharing technology implements critical usability and security principles, and the cognitive walkthrough determines how usably the principles are implemented. The thesis concludes with a demonstration of how the methodology is conducted. The results of this methodology will assist organizations in properly assessing a technology for official use by DoD.
Type
Thesis
Description
Series/Report No
Department
Information Technology Management
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections