Guidelines are based on scientific sources.
Name | Usable set-up of security runtime policies |
Sources | (Herzog, 2007) |
Synonyms | None |
Context | Applications that delegate security decisions to lay users and capture these user decisions as a security policy |
Item 1 | Security must be visible without being intrusive “(Johnston et al., 2003), (Nielsen, 1994) and (Yee, 2002) propose visibility of system status as one criterion for successful HCI in security applications. Visibility contributes to the building of trust in the security application. However, users do not want to be ambushed with security alerts at all times (Sasse et al., 2001)” [Principle] Visibility [Principle] Convenience |
Item 2 | Security applications must encourage learning “As a first step towards learning, (Nielsen, 1994) demands that applications use the language of the users to enhance their understanding and consequently to support the learning process. (Whitten and Tygar, 1999) have shown that security is difficult to understand and that concepts from educational software could and should be borrowed. (Johnston et al., 2003) propose learnability, which we take one step further: not only should the software be learnable but also encourage the user to learn about security issues” [Principle] Conditioning |
Item 3 | Give the user a chance to revise a hasty decision later “The pre-studies have shown that users are aware of making hasty decisions, driven by the need to get a primary task done. While security in principle has the barn-door property (Whitten and Tygar, 1999), i.e. that the late closing of a security door may be exactly too late because the damage is already done, this is not always or absolutely the case. But if there is no convenient way for the user to “close the door” it will remain open, and this must be avoided. This issue is also recognised as revocability by (Yee, 2002) or easy reversal of actions by (Shneiderman and Plaisant, 2004), even though true reversal may not be possible because of the barn-door property” [Principle] Revocability |
Item 4 | Decisions cannot be handled off-line; runtime set-up is to be preferred “This guideline is in conflict with the guideline support internal locus of control by making the user initiate actions, not respond to system output by (Shneiderman and Plaisant, 2004) and shows clearly that not all usability guidelines can be uncritically transferred to security applications, which are typically supportive and not primary-task applications, and the user is not likely to take any actions if not prompted to do so” |
Item 5 | Enforce least privilege wherever possible “The principle of least privilege comes from (Saltzer and Schroeder, 1975) and is one important principle of computer security and specifically access control, which is what security policies are about. (Garfinkel, 2005) warns in this context of hyperconfigurability. Users have difficulties in managing too many options and cannot take in the consequences of their modifications. Garfinkel suggests “a range of well-vetted, understood and teachable policies” instead of exposing the user to fine-grained policy set-up” |
Item 6 | In a security alert, the user should be informed of the severity of the event and what to do “(Nielsen, 1994) proposes that error messages should contain instructions on what to do, not only what has happened. Still, the texts must be short and focused so that they are actually read. Details and additional explanations should be accessible but not blur the main message. (Yee, 2002) demands clarity so that the effects of any actions the user may take are clear to him/her before performing the action. Also (Hardee et al., 2006) state that any decision support should contain the consequence of any action taken” [Principle] Clarity [Principle] Understandability |
Item 7 | Spend time on icons “(Johnston et al., 2003) state that well-chosen icons can increase learnability. This is supported by (Whitten et al., 2004), who argues icon choices and suggests icons for public-key encryption, and (Pettersson, 2005) who comments on the difficulty of choosing icons for privacy settings” |
Item 8 | Know and follow general usability guidelines and test, test, and test again “General usability guidelines are, e.g. described by (Shneiderman and Plaisant, 2004) or (Nielsen, 1993). However, these guidelines are often so general that they can be difficult to implement for a specific case. Therefore, actual usability testing with users from the intended user segment is essential” |
Examples | None |
Related Guidelines | None |
Tags | |
Log history | [01/24/2019]: Added to repository |
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.
Hardee, J.B., West, R., Mayhorn, C.B., 2006. To download or not to download: An examination of computer security decision making. Interactions 13, 32–37. doi:10.1145/1125864.1125887
Herzog, A., 2007. Usable set-up of runtime security policies. Information Management & Computer Security 15, 394–407. doi:10.1108/09685220710831134
Johnston, J., Eloff, J.H.P., Labuschagne, L., 2003. Features: Security and human computer interfaces. Comput. Secur. 22, 675–684. doi:10.1016/S0167-4048(03)00006-3
Nielsen, J., 1994. Heuristic evaluation, in: Nielsen, J., Mack, R. (Eds.), Usability Inspection Methods. Wiley, New York, NY, pp. 25–62.
Nielsen, J., 1993. Usability engineering. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA.
Pettersson, J.S., 2005. Deliverable d06.1.c, pRIME project [WWW Document]. URL http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.403.2039&rep=rep1&type=pdf (accessed 1.24.19).
Saltzer, J.H., Schroeder, M.D., 1975. The protection of information in computer systems. Proceedings of the IEEE 63, 1278–1308. doi:10.1109/PROC.1975.9939
Sasse, M.A., Brostoff, S., Weirich, D., 2001. Transforming the “weakest link” — a human/Computer interaction approach to usable and effective security. BT Technology Journal 19, 122–131. doi:10.1023/A:1011902718709
Shneiderman, B., Plaisant, C., 2004. Designing the user interface: Strategies for effective human-computer interaction (4th edition). Pearson Addison Wesley.
Whitten, A., Kraut, R., Roth, S., 2004. Making security usable. School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, CMU-CS-04-135.
Whitten, A., Tygar, J.D., 1999. Why johnny can’t encrypt: A usability evaluation of pGP 5.0, in: Proceedings of the 8th Conference on USENIX Security Symposium - Volume 8, SSYM’99. USENIX Association, Berkeley, CA, USA, pp. 14–14.
Yee, K.-P., 2002. User interaction design for secure systems, in: Proceedings of the 4th International Conference on Information and Communications Security, ICICS ’02. Springer-Verlag, London, UK, UK, pp. 278–290.