Patterns
- Active Warnings
- Attractive Options
- Complete Delete
- Conveying Threats & Consequences
- Create a Security Lexicon
- Create Keys When Needed
- Delayed Unrecoverable Action
- Detailed Notifications About Security
- Direct Access to UI Components
- Disable by Default
- Disable of Services
- Disclose Significant Deviations
- Distinguish Between Run and Open
- Distinguish Internal Senders
- Distinguish Security Levels
- Email-Based Identification and Authentication
- Explicit Item Delete
- Explicit User Audit
- Failing Safely
- General Notifications About Security
- Immediate Notifications
- Immediate Options
- Indirect Access to UI Components
- Informative Dialogues
- Install Before Execute
- Key Continuity Management
- Levels of Severity
- Leverage Existing Identification
- Localization of Specific Areas
- Migrate and Backup Keys
- Noticeable Contextual Indicators
- Providing Recommendations
- Quick Description of UI Components
- Redundant Notifications
- Reset to Installation
- Restricted Areas Notification
- Security Features Used by the System
- Security Features Used by the User
- Send S/MIME-Signed Email
- Separating Content
- Sequential Access to UI Components
- Suggestive Dialogues
- System’s Security Tasks
- The Absence of Indicators
- Track Received Keys
- Track Recipients
- Warn When Unsafe
Patterns are based on scientific sources.
Usable Security Pattern - Reset to Installation
Luigi Lo Iacono, Peter Nehren
December 21, 2015
Reset to Installation
| Name | Reset to Installation |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Context | There should be a simple way to remove personal information from a computer before ownership is transferred. Computers set up for use by the public (e.g., in libraries) should have a simple way to be sanitized on a regular basis. Sadly, many computer systems do not provide complete reset. For example, the GPS systems and cell phones rented with many cars do not, making it possible for later renters to learn personal information about previous renters (Norman, 1997). |
| Problem | How to provide complete reset in computer systems? |
| Solution | Provide a means for removing all personal or private information associated with an application or operating system in a single, confirmed, and ideally delayed operation. |
| Examples | Apple Safari has a “Reset Safari” feature, although Safari does not perform Complete Delete when the files are deleted.  Source: (Garfinkel, 2005) |
| Implementation Systems may offer diff | The system needs to distinguish between user-created data and operating system information. When Reset to Installation is invoked, information that is user-created is deleted. erent kinds of Reset to Installation: user reset within an application; user reset for all applications; and user reset of the system, which removes both user-data and application programs that are not part of the base system. |
| Consequences | This pattern vastly simplifies the process of removing personal information from a computer system when a person is finished using it—either in a kiosk situation, or because a piece of equipment is being sold. This pattern also makes it easy to comply with copyright law and software license restrictions. |
| Dependencies | None |
| Relationships | [Complete Delete] [Delayed Unrecoverable Action] |
| Principles | [Path of Least Resistance] [Least Surprise] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | Reset to Installation, Complete Delete, Delayed Unrecoverable Action, Confidentiality, Controllability, Support |
| Log history | [12/21/2015]: Added to repository |
References
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.
Norman, D., 1997. Privacy and car navigational systems. The Risks Digest 19.