Patterns
- Active Warnings
- Attractive Options
- Complete Delete
- Conveying Threats & Consequences
- Create a Security Lexicon
- Create Keys When Needed
- Delayed Unrecoverable Action
- Detailed Notifications About Security
- Direct Access to UI Components
- Disable by Default
- Disable of Services
- Disclose Significant Deviations
- Distinguish Between Run and Open
- Distinguish Internal Senders
- Distinguish Security Levels
- Email-Based Identification and Authentication
- Explicit Item Delete
- Explicit User Audit
- Failing Safely
- General Notifications About Security
- Immediate Notifications
- Immediate Options
- Indirect Access to UI Components
- Informative Dialogues
- Install Before Execute
- Key Continuity Management
- Levels of Severity
- Leverage Existing Identification
- Localization of Specific Areas
- Migrate and Backup Keys
- Noticeable Contextual Indicators
- Providing Recommendations
- Quick Description of UI Components
- Redundant Notifications
- Reset to Installation
- Restricted Areas Notification
- Security Features Used by the System
- Security Features Used by the User
- Send S/MIME-Signed Email
- Separating Content
- Sequential Access to UI Components
- Suggestive Dialogues
- System’s Security Tasks
- The Absence of Indicators
- Track Received Keys
- Track Recipients
- Warn When Unsafe
Patterns are based on scientific sources.
Usable Security Pattern - Distinguish Internal Senders
Luigi Lo Iacono, Peter Nehren
January 18, 2016
Distinguish Internal Senders
| Name | Distinguish Internal Senders |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Context | In many cases the system has used some kind of authentication procedure to ascertain the identity of the service’s user—for example, requiring a username and password. It makes sense to distinguishes messages sent from these authenticated users from messages that originated from outside the system for which no authentication was performed. |
| Problem | How can the authenticity of mails be distinguished? |
| Solution | Allow users to readily distinguish between mail that was generated from within an email system and mail that was injected from the outside but which claims to have an internal address. |
| Examples | AOL distinguishes between mail that is sent from within AOL and mail that was sent from outside AOL but with an @aol.com domain name. In the first case, the From: address is displayed accompanied by the AOL logo, while in the second case the AOL logo is not displayed. AOL also distinguishes official AOL mail from mail that is sent by users.  Source: (Garfinkel, 2005) |
| Implementation | Messages that originate from within the system need to be specially tagged in a manner that cannot be forged by outsiders. |
| Consequences | Users can distinguish email that was sent after the user was authenticated, versus email that was delivered over the Internet. |
| Dependencies | None |
| Relationships | None |
| Principles | [Visibility] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | Distinguish Internal Senders, Inputability, Authenticity |
| Log history | [01/18/2016]: Added to repository |
References
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.