Patterns are based on scientific sources.

| Name | Create a Security Lexicon |
| --- | --- |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Context | Without a readily accessible lexicon, it is difficult to implement the Consistent Meaningful Vocabulary principle (Garfinkel, 2005). |
| Problem | How can consistent and meaningful vocabulary be implemented across systems? |
| Solution | Provide a single location where security-related words are defined, allowing the use of these words to be standardized within and between systems. The single lexicon should be consistent across vendors as well. |
| Examples | The Mozilla Organization has created a “Glossary” (Mozilla, 2016) that includes the definitions of many terms. |
| Implementation | Use a lexicon that is consistent and meaningful. The industry as a whole needs to adopt a freely available “style book” that will present a standardized terminology. Words and terms that specifically need to be addressed are key, public key, private key, secret key, certificate (with no private key), certificate file (that includes a private key), digital ID, delete, erase, purge, clear and wipe. |
| Consequences | A single lexicon makes it possible for less sophisticated users to learn security concepts because the concept that underlies the word is constant. |
| Dependencies | None |
| Relationships | [Informative Dialogues] [Suggestive Dialogues] |
| Principles | [Consistent Meaningful Vocabulary] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | Security Lexicon |
| Log history | [01/18/2016]: Added to repository |
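
One way to enforce the single lexicon described in the Solution and Implementation rows, shown as an added example that is not part of the original pattern or its sources: a check that flags user-facing strings which use one of the listed terms without a lexicon entry. The lexicon contents, string ids and function names are constructed for illustration, and the definitions are placeholders.

```python
import re

# Terms the Implementation row lists as needing standardized definitions.
WATCHED_TERMS = [
    "key", "public key", "private key", "secret key", "certificate",
    "certificate file", "digital ID", "delete", "erase", "purge", "clear", "wipe",
]

# Constructed sample lexicon: the single location where terms are defined.
# Definitions are placeholders, not taken from any real style book.
LEXICON = {term: "<definition placeholder>" for term in (
    "public key", "private key", "certificate", "certificate file", "delete")}

# Longest terms first, so "private key" wins over the bare word "key" and
# "certificate file" wins over "certificate". A trailing plural "s" is allowed.
_PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in
                      sorted(WATCHED_TERMS, key=len, reverse=True)) + r")s?\b",
    re.IGNORECASE,
)
_CANONICAL = {t.lower(): t for t in WATCHED_TERMS}

def terms_used(text):
    """Return the watched terms found in text, in order of appearance."""
    return [_CANONICAL[m.group(1).lower()] for m in _PATTERN.finditer(text)]

def check_strings(ui_strings, lexicon=LEXICON):
    """Map each string id to the watched terms it uses that the lexicon lacks."""
    findings = {}
    for string_id, text in ui_strings.items():
        missing = sorted({t for t in terms_used(text) if t not in lexicon})
        if missing:
            findings[string_id] = missing
    return findings

# Constructed UI strings from a hypothetical product.
SAMPLE_UI_STRINGS = {
    "export.title": "Export certificate file with its private key",
    "import.hint": "Paste the public key of the recipient",
    "settings.reset": "Wipe all keys and erase your digital ID",
    "trash.confirm": "Delete this certificate?",
}

if __name__ == "__main__":
    for string_id, missing in check_strings(SAMPLE_UI_STRINGS).items():
        print(f"{string_id}: not in lexicon: {', '.join(missing)}")
```

Run against a product's message catalogue in a build step, a non-empty result points at strings whose security terms still need an entry in the shared lexicon.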
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.
Mozilla, 2016. Glossary. Mozilla Developer Network.