Skip to main content
SpringerLink
Log in

User Interaction Design for Secure Systems

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2513))

Included in the following conference series:

Abstract

The security of any system that is configured or operated by human beings depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This paper establishes some starting points for reasoning about security from a user-centred perspective: it proposes to model systems in terms of actors and actions, and introduces the concept of the subjective actor-ability state. Ten principles for secure interaction design are identified; examples of real-world problems illustrate and justify the principles.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. A. Adams and M. A. Sasse. Users are Not the Enemy. In Communications of the ACM (Dec 1999), p. 40–46.

    Google Scholar 

  2. B. Bruce and D. Newman. Interacting Plans. In Readings in Distributed Artificial Intelligence. Morgan Kaufmann (1988), p. 248–267.

    Google Scholar 

  3. Combex. E and CapDesk: POLA for the Distributed Desktop. http://www.combex.com/tech/edesk.html.

  4. D. Dennett. The Intentional Stance. MIT Press (1987).

    Google Scholar 

  5. ERights.org: Open Source Distributed Capabilities. http://www.erights.org/.

  6. J. J. Gibson. The Ecological Approach to Visual Perception. Houghton Mifflin (1979), p. 127 (excerpt, http://www.alamut.com/notebooks/a/affordances.html).

  7. S. Garfinkel and G. Spafford. Practical UNIX and Internet Security. O’Reilly (1996).

    Google Scholar 

  8. N. Hardy. The KeyKOS Architecture. In Operating Systems Review, 19(4)8–25.

    Google Scholar 

  9. N. Hardy. The Confused Deputy. In Operating Systems Review, 22(4)36–38.

    Google Scholar 

  10. U. Holmström. User-centered design of secure software. In Proceeedings of the 17th Symposium on Human Factors in Telecommunications (May 1999), Denmark.

    Google Scholar 

  11. D. Ingalls. Design Principles Behind Smalltalk. In BYTE Magazine (Aug 1981).

    Google Scholar 

  12. U. Jendricke and D. Gerd tom Markotten. Usability meets Security: The Identity-Manager as your Personal Security Assistant for the Internet. In Proceedings of the 16th Annual Computer Security Applications Conference (Dec 2000).

    Google Scholar 

  13. C.-M. Karat. Iterative Usability Testing of a Security Application. In Proceedings of the Human Factors Society 33rd Annual Meeting (1989).

    Google Scholar 

  14. K. Karvonen. Creating Trust. In Proceedings of the Fourth Nordic Workshop on Secure IT Systems (Nov 1999), p. 21–36.

    Google Scholar 

  15. M. S. Miller, C. Morningstar, and B. Frantz. Capability-Based Financial Instruments. In Proceedings of the 4th Conference on Financial Cryptography (2000).

    Google Scholar 

  16. W. S. Mosteller and J. Ballas. Usability Analysis of Messages from a Security System. In Proceedings of the Human Factors Society 33rd Annual Meeting (1989).

    Google Scholar 

  17. Microsoft. Bulletin MS98-010: Information on the “Back Orifice“ Program. http://www.microsoft.com/technet/security/bulletin/ms98-010.asp (Aug 1998).

  18. J. Nielsen. Enhancing the explanatory power of usability heuristics. In Proceedings of the ACM CHI Conference (1994), p. 152–158.

    Google Scholar 

  19. D. A. Norman. The Psychology of Everyday Things. New York: Basic Books (1988).

    Google Scholar 

  20. C. Nass, J. Steuer, and E. Tauber. Computers are Social Actors. In Proceedings of the ACM CHI Conference (1994), p. 72–78 (see http://cyborganic.com/People/jonathan/Academia/Papers/Web/casa-chi-94.html).

  21. J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE, 63(9)1278–1308 (see http://web.mit.edu/Saltzer/www/publications/protection/).

  22. J. Shapiro, J. Smith, and D. Farber. EROS: A Fast Capability System. In Proceedings of the 17th ACM Symposium on Op. Sys. Principles (Dec 1999).

    Google Scholar 

  23. M. Wertheimer. Untersuchungen zur Lehre von der Gestalt II. In Psychologische Forschung, 4, p. 301–350. Translation “Laws of organization in perceptual forms” in W. D. Ellis, A Sourcebook of Gestalt Psychology, Routledge & Kegan Paul (1938), p. 71–88 (see http://psychclassics.yorku.ca/Wertheimer/Forms/forms.htm).

    Article  Google Scholar 

  24. A. Whitten and J. D. Tygar. Why Johnny can’t encrypt. In Proceedings of the 8th USENIX Security Symposium (Aug 1999).

    Google Scholar 

  25. M. E. Zurko, R. Simon, and T. Sanfilippo. A User-Centered, Modular Authorization Service Built on an RBAC Foundation. In Proceedings of IEEE Symposium on Research in Security and Privacy (May 1999), p. 57–71.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of California, Berkeley

    Ka-Ping Yee

Authors
  1. Ka-Ping Yee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Labs for Information Technology, 21 Heng Mui Keng Terrace, Singapore, 119613

    Robert Deng , Feng Bao  & Jianying Zhou ,  & 

  2. Engineering Research Center for Information Security Technology, Chinese Academy of Sciences, P.O. Box 8718, Beijing, 100080, China

    Sihan Qing

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yee, KP. (2002). User Interaction Design for Secure Systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_24

Download citation

  • DOI: https://doi.org/10.1007/3-540-36159-6_24

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00164-5

  • Online ISBN: 978-3-540-36159-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation