Refining the test phase of usability evaluation: how many subjects is enough?
Human Factors - Special issue: measurement in human factors
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Pretty good persuasion: a first step towards effective password security in the real world
Proceedings of the 2001 workshop on New security paradigms
User Interaction Design for Secure Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
An approach to usable security based on event monitoring and visualization
Proceedings of the 2002 workshop on New security paradigms
Bringing security home: a process for developing secure and usable systems
Proceedings of the 2003 workshop on New security paradigms
In Search of Usable Security: Five Lessons from the Field
IEEE Security and Privacy
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Aligning Security and Usability
IEEE Security and Privacy
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Two experiences designing for effective security
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Polaris: virus-safe computing for Windows XP
Communications of the ACM - Privacy and security in highly dynamic systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Protecting users from "themselves"
Proceedings of the 2007 ACM workshop on Computer security architecture
Usable secure mailing lists with untrusted servers
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Modeling and analysis of security trade-offs - A goal oriented approach
Data & Knowledge Engineering
Proceedings of the 2008 workshop on New security paradigms
A goal oriented approach for modeling and analyzing security trade-offs
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Secure and usable P2P VoIP for mobile devices
Proceedings of the 12th international conference on Human computer interaction with mobile devices and services
ACM Transactions on Information and System Security (TISSEC)
International Journal of Information Security and Privacy
| Hi-index | 0.00 |
Security software is often difficult to use thus leading to poor adoption and degraded security. This paper describes a usability study that was conducted on the software 'Polaris'. This software is an alpha release that uses the Principle of Least Authority (POLA) to deny viruses the authority to edit files. Polaris was designed to align security with usability. The study showed that despite this aim, usability problems remained, especially when the study participants had to make security related decisions. They also showed apathy towards security, and knowingly compromised their security to get work done faster. This study also demonstrates the difficulty in achieving security and usability alignment when the usability is a post hoc consideration added to a developed product, rather than being integrated from the start. The alleviation of usability problems from security software proposed in this paper are threefold: reducing the burden on the user to make security related decisions, counteracting user's apathy by ensuring that the fast way of doing things is the secure way, and integrating security software with the operating system throughout development.