Article. DOI: 10.1145/1073001.1073004

Two experiences designing for effective security

Published: 06 July 2005

Abstract

In our research, we have been concerned with the question of how to make relevant features of security situations visible to users in order to allow them to make informed decisions regarding potential privacy and security problems, as well as regarding potential implications of their actions. To this end, we have designed technical infrastructures that make visible the configurations, activities, and implications of available security mechanisms. This allows users to make informed choices and take coordinated and appropriate actions when necessary. This work differs from the more traditional security usability work in that our focus is not only on the usability of security mechanisms (e.g., the ease of use of an access control interface), but also on how security can manifest itself as part of people's interactions with and through information systems (i.e., how people experience and interpret privacy and security situations, and are enabled or constrained by existing technological mechanisms to act appropriately). In this paper, we report our experiences designing, developing, and testing two technical infrastructures for supporting this approach to usable security.

Published In

SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and security
July 2005
123 pages
ISBN: 1595931783
DOI: 10.1145/1073001

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. YANCEES
  2. effective security
  3. event-based architecture
  4. impromptu
  5. peer-to-peer file-sharing application
  6. privacy practices
  7. theoretical security
  8. usable security
  9. vavoom
  10. visualization

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Article Metrics

  • Downloads (Last 12 months): 12
  • Downloads (Last 6 weeks): 2
Reflects downloads up to 22 Feb 2025

Cited By

  • (2021) Warning users about cyber threats through sounds. SN Applied Sciences 3:7. DOI: 10.1007/s42452-021-04703-4. Online publication date: 29-Jun-2021
  • (2021) Help the User Recognize a Phishing Scam: Design of Explanation Messages in Warning Interfaces for Phishing Attacks. HCI for Cybersecurity, Privacy and Trust (403-416). DOI: 10.1007/978-3-030-77392-2_26. Online publication date: 3-Jul-2021
  • (2016) Connection Cartographer: Geographically Representing Host-Based Network Connections in Real-Time with a Focus on Usability. 2016 International Conference on Collaboration Technologies and Systems (CTS) (294-301). DOI: 10.1109/CTS.2016.0062. Online publication date: Oct-2016
  • (2014) Awareness of behavioral tracking and information privacy concern in Facebook and Google. Proceedings of the Tenth USENIX Conference on Usable Privacy and Security (51-67). DOI: 10.5555/3235838.3235843. Online publication date: 9-Jul-2014
  • (2014) Using personal examples to improve risk communication for security & privacy decisions. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2647-2656). DOI: 10.1145/2556288.2556978. Online publication date: 26-Apr-2014
  • (2013) User Perceptions of Security Technologies. Privacy Solutions and Security Frameworks in Information Protection (70-81). DOI: 10.4018/978-1-4666-2050-6.ch005. Online publication date: 2013
  • (2011) User Perceptions of Security Technologies. International Journal of Information Security and Privacy 5:2 (1-12). DOI: 10.4018/jisp.2011040101. Online publication date: 1-Apr-2011
  • (2009) Revealing hidden context. Proceedings of the 5th Symposium on Usable Privacy and Security (1-12). DOI: 10.1145/1572532.1572534. Online publication date: 15-Jul-2009
  • (2009) Secure asynchronous communication for mobile devices. Proceedings of the Warm Up Workshop for ACM/IEEE ICSE 2010 (5-8). DOI: 10.1145/1527033.1527036. Online publication date: 1-Apr-2009
  • (2009) Towards improving mental models of personal firewall users. CHI '09 Extended Abstracts on Human Factors in Computing Systems (4633-4638). DOI: 10.1145/1520340.1520712. Online publication date: 4-Apr-2009
