Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable


Simson L. Garfinkel

S.B., Massachusetts Institute of Technology (1987)
S.B., Massachusetts Institute of Technology (1987)
S.B., Massachusetts Institute of Technology (1987)
M.S., Columbia University (1988)

Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering at the


May 2005

(C) Simson L. Garfinkel, MMV. All rights reserved.

The author hereby grants to MIT permission to reproduce and distribute publicly paper and electronic copies of this thesis document in whole or in part.

This is Simson Garfinkel's PhD thesis, with minor typographical corrections.
Download the entire thesis [31 MB] or the PhD defense Slides [9 MB]

You can also download individual chapters:

Section Name Pages Size
cover [PDF] 74 KB
contents [PDF]104 KB
1Introduction [PDF]25238 KB
2Prior Work [PDF]648.0 MB
3Sanitization and Visibility 1: Operating Systems [PDF]422.4 MB
4Sanitization and Visibility 2: Applications [PDF]172.4 MB
5Solving Secure Email's "Grand Challenge" with Signature-Only Email [PDF]412.6 MB
6The Key Certification Problem: Rethinking PKI [PDF]393.1 MB
7Key Continuity Management [PDF]431.9 MB
8Regulatory Approaches [PDF]191.1 MB
9Additional Techniques for Aligning Security and Usability [PDF]141.0 MB
10Design Principles and Patterns for Aligning Security and Usability [PDF]322.3 MB
11Future Work: an HCI-SEC Research Agenda [PDF]231.5 MB
AHard Drive Study Details [PDF]4 48 KB
BMail Security Survey Details [PDF]5108 KB
CJohnny 2 User Test Details [PDF]336.2 MB
DTwo Email Proxies [PDF]11549 KB
ESpecific Recommendations to Vendors [PDF]4 77 KB
biblio [PDF]281 KB
aindex [PDF]258 KB
colophon [PDF] 52 KB

Note: This is the corrected version of the thesis, with minor typos fixed. You can also download the thesis as submitted to MIT.