User-centered security

Zurko, Mary Ellen; Simon, Richard T.

doi:10.1145/304851.304859

Cited by 183 publications

(118 citation statements)

References 16 publications

Supporting

Mentioning

117

Contrasting

Order By: Relevance

“…Software engineering approaches to security are generally focussed on providing technical security, but there is growing evidence [Saltzer & Schroeder, 1975] that these approaches do not consider the needs of people sufficiently [Zurko & Simon, 1997]. Although developers have been identified as being a target group that requires usable security [Zurko & Simon, 1997], no efforts seem to have been made to ensure security development methods are well suited to the needs of developers.…”

Section: Resultsmentioning

confidence: 99%

“…Although developers have been identified as being a target group that requires usable security [Zurko & Simon, 1997], no efforts seem to have been made to ensure security development methods are well suited to the needs of developers. In fact, by putting the onus on the developers to build better user interfaces, the current trend in HCISec research is arguably adding to the complexity of building secure systems.…”

Section: Resultsmentioning

confidence: 99%

“…The idea presented in that paper was later taken up by [Zurko & Simon, 1997], who argued for user-centred security design to ensure that users, developers and system administrators made correct decisions. Studies of existing security mechanisms, such as passwords [Adams & Sasse, 1999] or PGP [Whitten & Tygar, 1999], also highlighted the important role that users play in the overall success of secure systems.…”

Section: Human Computer Interaction and Securitymentioning

confidence: 99%

See 2 more Smart Citations

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

Fléchais

Sasse

2009

International Journal of Human-Computer Studies

View full text Add to dashboard Cite

e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. On the one hand, the raison d'être of the projects is to encourage members of their research communities to use the resources provided. On the other hand, the threats to these resources from online attacks require robust and effective security to mitigate the risks faced. This raises two issues: ensuring that (1) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues can seriously jeopardise the success of e-Science projects.The aim of this paper is to firstly provide a detailed understanding of how these challenges can present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based on four case studies of e-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems.For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Human Computer Interaction and Securitymentioning

confidence: 99%

See 1 more Smart Citation

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

Fléchais

Sasse

2009

International Journal of Human-Computer Studies

View full text Add to dashboard Cite

show abstract

“…But while security facilitation, how it was affecting the usability and interactive system designing haven"t been discussed. In [19] M. E. Zurko and R. T. Simon provided theoretical analysis to balance the usability, security and interactive system design. But the principles presented were theoretical and unable to design the crisp boundary between usability and security.…”

Section: Related Workmentioning

confidence: 99%

Relating Interactive System Design and Information Theory from Information Leakage Perspective

Anjaria¹,

Mishra²

2017

IJEM

View full text Add to dashboard Cite

In contemporary interactive software system design, to maintain equilibrium between usability and security is a challenging task because strictly enforced security policies directly affect the usability of the software. As a solution to this problem, information theoretic measure of information leakage in interactive system design has been proposed in the present work. The present paper first models the software system as a coloured Petri net model and after that using information theory and Petri net algebra; it defines the leakage in the interacting system. Based on the leakage definition, the present paper further quantifies information leakage and tries to establish a relation between information leakage and interactive system design principles. The paper also hints to decide consensus on the equilibrium of security and usability.

show abstract

“…The second standpoint is characterised by Zurko and Simon's work on user-centred security [61]. User-centred security refers to ''security models, mechanisms, systems, and software that have usability as a primary motivation or goal''.…”

Section: User-centred Security and Aegismentioning

confidence: 99%

Finding and resolving security misusability with misusability cases

Faily

Fléchais

2014

Requirements Eng

View full text Add to dashboard Cite

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and viceversa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems.

show abstract

User-centered security

Cited by 183 publications

References 16 publications

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

Relating Interactive System Design and Information Theory from Information Leakage Perspective

Finding and resolving security misusability with misusability cases

Contact Info

Product

Resources

About