Lessons from Architecture School: Part 3

This is the third and final installment in the series on Lessons from Architecture School: Lessons for IoT Security. You can also read the first and second installments, or download the presentation. Thank you to the audience at Solid Conference for good questions and lively discussion.

Homes Are More Than Houses

Shop houses are a type of vernacular architecture built throughout Southeast Asia. Vernacular architecture is built using folk knowledge and local customs, typically without the use of an architect.

Shop Houses, Singapore. Image CC-BY-NC-ND, Peter Morgan, https://www.flickr.com/photos/pmorgan/9611965697/
Shop houses, Singapore.

Shop houses are traditionally two levels with commercial space on the ground floor and a residence above. A typical feature is an awning protecting the street from sun and rain. Local custom, which became law in Singapore in the 1800s, is that the owner maintains the awning over a public passage or sidewalk, creating an interesting interplay between personal responsibility and the common good.

Despite widespread familiarity with the building type, there are better and worse examples of vernacular architecture because, despite having access to good precedents, not everyone does a good job with implementation. For example, an awning may be both legally required and obviously a good idea, and still be leaky or badly constructed.

Different types of knowledge — and different types of professional expertise — are necessary to make a successful building, just as they are for making successful security.

Security Thought-Starter

Don’t roll your own crypto. It’s easy to create a code that you yourself can’t crack that is trivially easy to a pro. Recent threats to Open Smart Grid show that creating a home-grown cryptographic solution leaves big vulnerabilities. Working with standard cryptographic libraries is one way to make sure your applications are using best-in-class security. Using open-source libraries also means that you (or experts) can validate the crypto. One venue for learning more is the Real World Crypto Conference, next held in Stanford, CA in January 2016.

UX Consideration

Exposing underlying systems can teach behavior. When electric cars first reached a mass audience, new dashboard interfaces educated drivers on the basics of how these unfamiliar systems work. Many Prius drivers didn’t know how internal combustion engines worked, which meant an explanation only in terms of difference would not be meaningful. Instead, UX design taught a bunch of people how to think about their car’s power source.

Toyota Prius dashboard. Image CC-BY, It’s Our City, https://www.flickr.com/photos/its_our_city/2838668732/ (cropped)
Toyota Prius dashboard

The design decisions in electric car dashboards have changed drivers’ behavior by helping them understand how the system works. Similarly, there is a huge opportunity for designers to create new interfaces to help people communicate securely. For example, simple visualizations of how the internet works could change users’ messaging behavior to become more security aware. The challenge is to show only appropriate complexity and not overwhelm the user with extraneous detail, just as the UX designers for the Prius selected only a few pieces of information that directly respond to changes in driving conditions.

Image of Shop houses, Singapore, by Peter Morgan, used under CC-BY-NC-ND

Image of Toyota Prius dashboard, by It's Our City, used under CC-BY 2.0 (cropped)


Meeting Users' Needs: The Necessary Is Not Sufficient

Building great software requires understanding what users want and need. If you’re building privacy-preserving software, this includes understanding the privacy threats that your users face. One of the participants in Ame’s NYC study. When Ame set out to talk to people in the New York City neighborhoods of Brownsville and Harlem about their experiences with mobile messaging, she wanted to amplify voices that are frequently underrepresented in the software community.

Features – Like Backdoors – Are Forever

The news this week has been full of stories about Apple's resistance to a court order demanding they build a custom backdoor to a phone used by one of the San Bernardino suspects. While I will leave deep analysis of the legal situation to experts of that domain, I believe that this instance holds valuable lessons for all software teams. One lesson in particular helps us understand why the creation of such a backdoor would inevitably become dangerous for innocent users.

Briar: Notes From An Expert Review

Researchers who want to evaluate software interfaces have a number of tools at their disposal. One option for identifying obvious and significant problems is an expert review, which is often used to catch low-hanging fruit before performing any kind of user testing. Expert reviews employ usability heuristics, which systematically explore potential problems with a piece of software by applying patterns for good design. With some guidance from UX-research veteran Susan Farrell, we recently performed expert reviews of a few open source tools for encrypting communications.