User help techniques for usable security
Linköping University, The Institute of Technology; Department of Computer and Information Science, Database and information techniques.
2007 (English). In: Proceedings of the 1st Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT'07), Boston, MA, USA. New York: ACM Press, 2007. Chapter in book (Other academic).
Abstract [en]

There are a number of security-critical applications such as personal firewalls, web browsers and e-mail clients, whose users have little or no security knowledge and are easily confused, even frustrated by menus, messages or dialog boxes that deal with security issues.

While there are evaluations of existing applications and proposals for new approaches or design guidelines for usable security applications, little effort has been invested in determining how applications can help users in security decisions and security tasks. The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications.

We analyse the following help techniques: online documentation, context-sensitive help, wizards, assistants, safe staging and social navigation, and complement these with the tempting alternative of built-in, hidden security. Criteria for the analysis are derived from the type of user questions that can arise in applications and from definitions of when a security application can be called usable.

Designers of security applications can use our analysis as general recommendations for when and how to use and combine user help techniques in security applications, but they can also use the analysis as a template. They can instantiate the template for their specific application to arrive at a concrete analysis of which user help techniques are most suitable in their specific case.

Place, publisher, year, edition, pages
New York: ACM, 2007.
Keyword [en]
on-line help, safe staging, social navigation, usable security, user help, wizard
National Category
Computer Science
URN: urn:nbn:se:liu:diva-14433
DOI: 10.1145/1234772.1234787
ISBN: 1-59593-635-6
OAI: diva2:23498

Article No. 11

Available from: 2007-04-27. Created: 2007-04-27. Last updated: 2014-06-24. Bibliographically approved.
In thesis
1. Usable Security Policies for Runtime Environments
2007 (English). Doctoral thesis, comprehensive summary (Other academic).
Abstract [en]

The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denial of service attacks. Virtual machine providers are aware of these Internet security risks and provide, for example, runtime monitoring of untrusted code and access control to sensitive resources.

Our work addresses two important security issues in runtime environments. The first issue concerns resource or release control. While many virtual machines provide runtime access control to resources, they do not provide any means of limiting the use of a resource once access is granted; they do not provide so-called resource control. We have addressed the issue of resource control in the example of the Java Virtual Machine. In contrast to others’ work, our solution builds on an enhancement to the existing security architecture. We demonstrate that resource control permissions for Java-mediated resources can be integrated into the regular Java security architecture, thus leading to a clean design and a single external security policy.

The second issue that we address is the usability and security of the setup of security policies for runtime environments. Access control decisions are based on external configuration files, the security policy, which must be set up by the end user. This set-up is security-critical but also complicated and error-prone for a lay end user, and supportive, usable tools are so far missing. After one of our usability studies signalled that offline editing of the configuration file is inefficient and difficult for end users, we conducted a usability study of personal firewalls to identify usable ways of setting up a security policy at runtime. An analysis of general user help techniques together with the results from the two previous studies resulted in a proposal of design guidelines for applications that need to set up a security policy. Our guidelines have been used for the design and implementation of the tool JPerM, which sets the Java security policy at runtime. JPerM evaluated positively in a usability study and supports the validity of our design guidelines.

Place, publisher, year, edition, pages
Institutionen för datavetenskap, 2007
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1075
Keyword [en]
Information security, Usability, Java, Resource control, Virtual machine
National Category
Computer Science
URN: urn:nbn:se:liu:diva-8809
ISBN: 978-91-85715-65-7
Public defence
2007-05-29, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (English)
Available from: 2007-04-27. Created: 2007-04-27. Last updated: 2009-04-29.

Open Access in DiVA

No full text
Author/editor
Herzog, Almut; Shahmehri, Nahid