Patterns
- Active Warnings
- Attractive Options
- Complete Delete
- Conveying Threats & Consequences
- Create a Security Lexicon
- Create Keys When Needed
- Delayed Unrecoverable Action
- Detailed Notifications About Security
- Direct Access to UI Components
- Disable by Default
- Disable of Services
- Disclose Significant Deviations
- Distinguish Between Run and Open
- Distinguish Internal Senders
- Distinguish Security Levels
- Email-Based Identification and Authentication
- Explicit Item Delete
- Explicit User Audit
- Failing Safely
- General Notifications About Security
- Immediate Notifications
- Immediate Options
- Indirect Access to UI Components
- Informative Dialogues
- Install Before Execute
- Key Continuity Management
- Levels of Severity
- Leverage Existing Identification
- Localization of Specific Areas
- Migrate and Backup Keys
- Noticeable Contextual Indicators
- Providing Recommendations
- Quick Description of UI Components
- Redundant Notifications
- Reset to Installation
- Restricted Areas Notification
- Security Features Used by the System
- Security Features Used by the User
- Send S/MIME-Signed Email
- Separating Content
- Sequential Access to UI Components
- Suggestive Dialogues
- System’s Security Tasks
- The Absence of Indicators
- Track Received Keys
- Track Recipients
- Warn When Unsafe
Patterns are based on scientific sources.
Usable Security Pattern - Explicit User Audit
Luigi Lo Iacono, Peter Nehren
December 21, 2015
Explicit User Audit
| Name | Explicit User Audit |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Context | This is an application of the first and second Fair Information Practice principles to computer systems: 1. There must be no personal data record-keeping systems whose very existence is secret. 2. There must be a way for a person to find out what information about him- or herself is in a record and how it is used (United States Dept. of Health and Automated Personal Data Systems, 1973). |
| Problem | Without Explicit User Audit, there is no way for the user to determine if the system contains confidential information. |
| Solution | Allow the user to inspect all user-generated information stored in the system to see if information is present and verify that it is accurate. There should be no hidden data. |
| Examples | The “View Saved Passwords” button in Firefox allows the user to see both the saved Username and the password, although showing passwords requires that the user click a second button and enter the Firefox “master password” (if one has been set).  Source: (Garfinkel, 2005) |
| Implementation | Ensure that all content can be readily reached using the navigational tools provided by the system. All information on the disk should reside in the file system, not in the free list. All information in documents should be visible when the document is displayed. Ideally, information should be tagged to indicate when the information was acquired; this tag should also be displayed. If the amount of information in the system is large, a search facility should be provided. This pattern can be implemented either by never throwing out any information, or else by making sure that information deleted by the user is actually removed from the system using Complete Delete. |
| Consequences | The user can determine if confidential information is present inside the system. In the case of cookies, Explicit User Audit on the local computer may reveal the need for Explicit User Audit at remote web sites. |
| Dependencies | None |
| Relationships | [Explicit Item Delete] [Complete Delete] [Delayed Unrecoverable Action] |
| Principles | [Visibility] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | Explicit User Audit, Explicit Item Delete, Complete Delete, Delayed Unrecoverable Action, Expectation Conformity, Controllability |
| Log history | [12/21/2015]: Added to repository |
References
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.
United States Dept. of Health, Education, Automated Personal Data Systems, W.S.A.C. on, 1973. Records, computers, and the rights of citizens: Report, DHEW publication, no. (oS) 73-94. U.S. Department of Health, Education; Welfare.