Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD)

被引：3

作者：

Andalibi, Vafa ^{[1
]}

Dev, Jayati ^{[1
]}

Kim, DongInn ^{[1
]}

Lear, Eliot ^{[2
]}

Camp, L. Jean ^{[1
]}

机构：

[1] Indiana Univ, Bloomington, IN 47405 USA

[2] Cisco Syst GmbH, Zurich, Switzerland

来源：

37TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, ACSAC 2021 | 2021年

基金：

美国国家科学基金会;

关键词：

Usable Security; Internet of Things; Network Security; Usable Access Control; IoT; MUD; Manufacturer Usage Description;

D O I：

10.1145/3485832.3485879

中图分类号：

TP39 [计算机的应用];

学科分类号：

081203 ; 0835 ;

摘要：

The IETF Manufacturer Usage Description (MUD) standard was designed to protect IoT devices through network micro-segmentation. In practice, this is implemented using per-device access control that is defined by the manufacturer. This access control is embedded in a "MUD-File", which is transferred to the user's network during the onboarding process, and may contain from one to hundreds of rules. Validating these rules for each device can be a challenge, particularly when devices are interacting. In response, MUD-Visualizer was designed to simplify the validation of individual and interacting MUD-Files through straightforward visualizations. In this work, we report on an evaluation of the usability and efficacy of MUD-Visualizer. The results illustrate that not only it is more usable compared to manual analysis, but the participants that used MUD-Visualizer also had more accurate results in less time.

引用

页码：337 / 348

页数：12

共 36 条

[1] You Get Where You're Looking For The Impact of Information Sources on Code Security
Acar, Yasemin
Backes, Michael
Fahl, Sascha
Kim, Doowon
Mazurek, Michelle L.
Stransky, Christian
[J]. 2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2016, : 289 - 305
[2] Andalibi Vafa, 2021, 5 EAI INT C SAF SEC
[3] Anwar Mohd., 2012, 27th Annual ACM Symposium on Applied Computing, P1443
[4] An empirical evaluation of the System Usability Scale
Bangor, Aaron
Kortum, Philip T.
Miller, James T.
[J]. INTERNATIONAL JOURNAL OF HUMAN-COMPUTER INTERACTION, 2008, 24 (06) : 574 - 594
[5] Bauer L, 2009, CHI2009: PROCEEDINGS OF THE 27TH ANNUAL CHI CONFERENCE ON HUMAN FACTORS IN COMPUTING SYSTEMS, VOLS 1-4, P899
[6] BrianWeis, 2018, MUD-Manager Version 3.0
[7] Brooke J., 1996, Usability Evaluation in Industry, V189, P4, DOI [DOI 10.1201/9781498710411-35, 10.1201/9781498710411-35]
[8] Camp L.J., 2019, P 52 HAW INT C SYST
[9] Cappos Justin., 2014, Proceedings of the 2014 workshop on New Security Paradigms Workshop, Victoria, BC, Canada, September 15-18, 2014, P53, DOI DOI 10.1145/2683467.2683472
[10] Chinn S, 2000, STAT MED, V19, P3127, DOI 10.1002/1097-0258(20001130)19:22<3127::AID-SIM784>3.3.CO

← 1 2 3 4 →