User Interaction Design for Secure Systems

Yee, Ka-Ping

doi:10.1007/3-540-36159-6_24

Cited by 116 publications

(96 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The user should have the ability to express these wishes in a usable way through a graphical user interface. Recent work shows that this can be done [Yee02]. For example, selecting a file from a browser window gives a capability to the application: it both designates the file and gives authority to perform an operation (such as an edit) on the file.…”

Section: Environment Interactionmentioning

confidence: 99%

See 1 more Smart Citation

The Oz-E Project: Design Guidelines for a Secure Multiparadigm Programming Language

Spiessens

Roy

2005

Multiparadigm Programming in Mozart/Oz

View full text Add to dashboard Cite

Abstract. The design and implementation of a capability secure multiparadigm language should be guided from its conception by proven principles of secure language design. In this position paper we present the Oz-E project, aimed at building an Oz-like secure language, named in tribute of E [MMF00] and its designers and users who contributed greatly to the ideas presented here. We synthesize the principles for secure language design from the experiences with the capability-secure languages E and the W7-kernel for Scheme 48 [Ree96]. These principles will be used as primary guidelines during the project. We propose a layered structure for Oz-E and discuss some important security concerns, without aiming for completeness at this early stage.

show abstract

Section: Environment Interactionmentioning

confidence: 99%

“…QTk builds on the insecure module Tk and augments that functionality instead of restricting it. QTk has to be modified so that it satisfies the principles enunciated in [Yee02] and implemented in CapDesk.…”

Section: Environment Interactionmentioning

confidence: 99%

The Oz-E Project: Design Guidelines for a Secure Multiparadigm Programming Language

Spiessens

Roy

2005

Multiparadigm Programming in Mozart/Oz

View full text Add to dashboard Cite

show abstract

“…Work we found useful to our experiment includes research on principles for secure interaction design [47], common problems in humancomputer dialogue design [27], user tolerance of security delays [16], treating human attention as a scarce resource when to delegate tasks to users [6], stopping users from installing potentially harmful programs [21], and getting proper user consent [7].…”

Section: Related Workmentioning

confidence: 99%

A Usability Evaluation of Tor Launcher

Lee

Fifield

Malkin

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:Although Tor has state-of-the art anticensorship measures, users in heavily censored environments will not be able to connect to Tor if they cannot configure their connections. We perform the first usability evaluation of Tor Launcher, the graphical user interface (GUI) that Tor Browser uses to configure connections to Tor. Our study shows that 79% (363 of 458) of user attempts to connect to Tor in simulated censored environments failed. We found that users were often frustrated during the process and tried options at random. In this paper, we measure potential usability issues, discuss design constraints unique to Tor, and provide recommendations based on what we learned to help more users connect to Tor while reducing the time they take to do so. Tor Browser incorporated the changes proposed by this study.

show abstract

“…[8,4,16], which deal with security and usability. Also more traditional usability guidelines such as [11,13, lOj must be considered.…”

Section: Summary and Recommendationsmentioning

confidence: 99%

Usability and Security of Personal Firewalls

Herzog

Shahmehri

2007

New Approaches for Security, Privacy and Trust in Complex Environments

View full text Add to dashboard Cite

A b s t r a c t . Effective security of a personal firewall depends on (1) the rule granularity and the implementation of the rule enforcement and (2) the correctness and granularity of user decisions at the time of an alert. A misconfigured or loosely configured firewall may be more dangerous than no firewall at all because of the user's false sense of security. This study assesses effective security of 13 personal firewalls by comparing possible granularity of rules as well as the usability of rule set-up and its influence on security. In order to evaluate usability, we have submitted each firewall to use cases that require user decisions and cause rule creation. In order to evaluate the firewalls' security, we analysed the created rules. In addition, we ran a port scan and replaced a legitimate, network-enabled application with another program to etssess the firewalls' behaviour in misuse cases. We have conducted a cognitive walkthrough paying special attention to user guidance and user decision support. We conclude that a stronger emphasis on user guidance, on conveying the design of the personal firewall application, on the principle of least privilege and on implications of default settings would greatly enhance both usability and security of personal firewalls.

show abstract

User Interaction Design for Secure Systems

Cited by 116 publications

References 16 publications

The Oz-E Project: Design Guidelines for a Secure Multiparadigm Programming Language

The Oz-E Project: Design Guidelines for a Secure Multiparadigm Programming Language

A Usability Evaluation of Tor Launcher

Usability and Security of Personal Firewalls

Contact Info

Product

Resources

About