User Interaction Design for Secure Systems

Authors:
Ka-Ping Yee
Affiliations:
-
Venue:
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Year:
2002

Citing 10
Cited 43

Interacting plans

Distributed Artificial Intelligence
Computers are social actors

CHI '94 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Enhancing the explanatory power of usability heuristics

CHI '94 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Practical Unix and Internet security (2nd ed.)

Practical Unix and Internet security (2nd ed.)
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
Users are not the enemy

Communications of the ACM
Capability-Based Financial Instruments

FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Usability meets security - the Identity-Manager as your personal security assistant for the Internet

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
KeyKOS architecture

ACM SIGOPS Operating Systems Review
The Confused Deputy: (or why capabilities might have been invented)

ACM SIGOPS Operating Systems Review

Usability and privacy: a study of Kazaa P2P file-sharing

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
HCI and security systems

CHI '03 Extended Abstracts on Human Factors in Computing Systems
Humans in the Loop: Human-Computer Interaction and Security

IEEE Security and Privacy
Secured Advanced Federated Environment (SAFE): A NASA Solution for Secure Cross-Organization Collaboration

WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Enforce POLA on processes to control viruses

Communications of the ACM - Mobile computing opportunities and challenges
Aligning Security and Usability

IEEE Security and Privacy
KNOW Why your access was denied: regulating feedback for usable security

Proceedings of the 11th ACM conference on Computer and communications security
A PIN-entry method resilient against shoulder surfing

Proceedings of the 11th ACM conference on Computer and communications security
Security in the wild: user strategies for managing security as an everyday, practical problem

Personal and Ubiquitous Computing
Trusted paths for browsers

ACM Transactions on Information and System Security (TISSEC)
Improving user-interface dependability through mitigation of human error

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Security and usability engineering with particular attention to electronic mail

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Micro-views, or on how to protect privacy while enhancing data usability: concepts and challenges

ACM SIGMOD Record
Share and share alike: exploring the user interface affordances of file sharing

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Is usable security an oxymoron?

interactions - A contradiction in terms?
Aligning usability and security: a usability study of Polaris

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Intentional access management: making access control usable for end-users

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Polaris: virus-safe computing for Windows XP

Communications of the ACM - Privacy and security in highly dynamic systems
User help techniques for usable security

Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Design of the EROS trusted window system

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Detecting Cognitive Causes of Confidentiality Leaks

Electronic Notes in Theoretical Computer Science (ENTCS)
A critique of the GNU hurd multi-server operating system

ACM SIGOPS Operating Systems Review
Bitfrost: the one laptop per child security model

Proceedings of the 3rd symposium on Usable privacy and security
The psychology of security

Communications of the ACM - The psychology of security: why do good users make bad decisions?
Integrating security and usability into the requirements and design process

International Journal of Electronic Security and Digital Forensics
A Coordination Model for Improving Software System Attack-Tolerance and Survivability in Open Hostile Environments

International Journal of Distributed Sensor Networks - Sensor Networks, Ubiquitous and Trustworthy Computing
Expressions of expertness: the virtuous circle of natural language for access control policy specification

Proceedings of the 4th symposium on Usable privacy and security
Threats or threads: from usable security to secure experience?

Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges
Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

International Journal of Human-Computer Studies
Enforcing security for desktop clients using authority aspects

Proceedings of the 8th ACM international conference on Aspect-oriented software development
Lessons from brain age on persuasion for computer security

CHI '09 Extended Abstracts on Human Factors in Computing Systems
Revealing hidden context: improving mental models of personal firewall users

Proceedings of the 5th Symposium on Usable Privacy and Security
Laissez-faire file sharing: access control designed for individuals at the endpoints

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Improving usability by adding security to video conferencing systems

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure and usable P2P VoIP for mobile devices

Proceedings of the 12th international conference on Human computer interaction with mobile devices and services
Filter-based access control model: exploring a more usable database management

Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
The structure of authority: why security is not a separable concern

MOZ'04 Proceedings of the Second international conference on Multiparadigm Programming in Mozart/Oz
The oz-e project: design guidelines for a secure multiparadigm programming language

MOZ'04 Proceedings of the Second international conference on Multiparadigm Programming in Mozart/Oz
Can hand-held computers still be better smart cards?

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Operating system framed in case of mistaken identity: measuring the success of web-based spoofing attacks on OS password-entry dialogs

Proceedings of the 2012 ACM conference on Computer and communications security
TrustNeighborhoods: visualizing trust in distributed file sharing systems

EUROVIS'07 Proceedings of the 9th Joint Eurographics / IEEE VGTC conference on Visualization
BetterAuth: web authentication revisited

Proceedings of the 28th Annual Computer Security Applications Conference
When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources

Proceedings of the Ninth Symposium on Usable Privacy and Security

Quantified Score

Hi-index	0.01

Visualization

Abstract

The security of any system that is configured or operated by human beings depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This paper establishes some starting points for reasoning about security from a user-centred perspective: it proposes to model systems in terms of actors and actions, and introduces the concept of the subjective actor-ability state. Ten principles for secure interaction design are identified; examples of real-world problems illustrate and justify the principles.