Two experiences designing for effective security

Symposium On Usable Privacy and Security Pub Date : 2005-07-06 DOI:10.1145/1073001.1073004

R. Paula, X. Ding, P. Dourish, K. Nies, Ben Pillet, D. Redmiles, J. Ren, J. Rode, R. S. Filho

{"title":"Two experiences designing for effective security","authors":"R. Paula, X. Ding, P. Dourish, K. Nies, Ben Pillet, D. Redmiles, J. Ren, J. Rode, R. S. Filho","doi":"10.1145/1073001.1073004","DOIUrl":null,"url":null,"abstract":"In our research, we have been concerned with the question of how to make relevant features of security situations visible to users in order to allow them to make informed decisions regarding potential privacy and security problems, as well as regarding potential implications of their actions. To this end, we have designed technical infrastructures that make visible the configurations, activities, and implications of available security mechanisms. This thus allows users to make informed choices and take coordinated and appropriate actions when necessary. This work differs from the more traditional security usability work in that our focus is not only on the usability of security mechanism (e.g., the ease-of-use of an access control interface), but how security can manifest itself as part of people's interactions with and through information systems (i.e., how people experience and interpret privacy and security situations, and are enabled or constrained by existing technological mechanisms to act appropriately). In this paper, we report our experiences designing, developing, and testing two technical infrastructures for supporting this approach for usable security.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"271 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1073001.1073004","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 41

Abstract

In our research, we have been concerned with the question of how to make relevant features of security situations visible to users in order to allow them to make informed decisions regarding potential privacy and security problems, as well as regarding potential implications of their actions. To this end, we have designed technical infrastructures that make visible the configurations, activities, and implications of available security mechanisms. This thus allows users to make informed choices and take coordinated and appropriate actions when necessary. This work differs from the more traditional security usability work in that our focus is not only on the usability of security mechanism (e.g., the ease-of-use of an access control interface), but how security can manifest itself as part of people's interactions with and through information systems (i.e., how people experience and interpret privacy and security situations, and are enabled or constrained by existing technological mechanisms to act appropriately). In this paper, we report our experiences designing, developing, and testing two technical infrastructures for supporting this approach for usable security.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

两种有效安全的设计经验

在我们的研究中，我们一直关注的问题是如何使安全情况的相关特征对用户可见，以便他们能够就潜在的隐私和安全问题以及他们的行为的潜在影响做出明智的决定。为此，我们设计了技术基础设施，使可用安全机制的配置、活动和含义可见。因此，这允许用户做出明智的选择，并在必要时采取协调和适当的行动。这项工作不同于更传统的安全可用性工作，因为我们的重点不仅是安全机制的可用性(例如，访问控制接口的易用性)，而且安全如何作为人们与信息系统交互和通过信息系统交互的一部分表现出来(即，人们如何体验和解释隐私和安全情况，以及如何被现有技术机制启用或约束以适当地行动)。在本文中，我们报告了我们设计、开发和测试两种技术基础结构的经验，以支持这种方法实现可用的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量