ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
User help techniques for usable security
Full text PdfPdf (377 KB)
Source Computer Human Interaction for the Management of Information Technology archive
Proceedings of the 2007 symposium on Computer human interaction for the management of information technology table of contents
Cambridge, Massachusetts
SESSION: Usability and security table of contents
Article No. 11  
Year of Publication: 2007
ISBN:1-59593-635-6
Authors
Almut Herzog  Linköpings universitet, Sweden
Nahid Shahmehri  Linköpings universitet, Sweden
Sponsor
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 94,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1234772.1234787
What is a DOI?

ABSTRACT

There are a number of security-critical applications such as personal firewalls, web browsers and e-mail clients, whose users have little or no security knowledge and are easily confused, even frustrated by menus, messages or dialog boxes that deal with security issues.

While there are evaluations of existing applications and proposals for new approaches or design guidelines for usable security applications, little effort has been invested in determining how applications can help users in security decisions and security tasks. The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications.

We analyse the following help techniques: online documentation, context-sensitive help, wizards, assistants, safe staging and social navigation, and complement these with the tempting alternative of built-in, hidden security. Criteria for the analysis are derived from the type of user questions that can arise in applications and from definitions of when a security application can be called usable.

Designers of security applications can use our analysis as general recommendations for when and how to use and combine user help techniques in security applications, but they can also use the analysis as a template. They can instantiate the template for their specific application to arrive at a concrete analysis of which user help techniques are most suitable in their specific case.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Ronald M. Baecker , Jonathan Grudin , William A. S. Buxton , Saul Greenberg, Human-computer interaction: toward the year 2000, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1995
2
Nicolas J. Belkin, Helping people find what they don't know, Communications of the ACM, v.43 n.8, p.58-61, Aug. 2000  [doi>10.1145/345124.345143]
3
John M. Carroll , Caroline Carrithers, Training wheels in a user interface, Communications of the ACM, v.27 n.8, p.800-806, Aug 1984  [doi>10.1145/358198.358218]
 
4
John M. Carroll , Mary Beth Rosson, Paradox of the active user, Interfacing thought: cognitive aspects of human-computer interaction, MIT Press, Cambridge, MA, 1987
 
5
Lorrie Cranor , Simson Garfinkel, Security and Usability, O'Reilly Media, Inc., 2005
 
6
A. Dieberger. Social connotations of space in the design for virtual communities and social navigation. In Höök et al. {17}, pages 293--313.
7
Paul DiGioia , Paul Dourish, Social navigation as a model for usable security, Proceedings of the 2005 symposium on Usable privacy and security, p.101-108, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073011]
 
8
X. Faulkner. Usability Engineering. Macmillan Press Ltd, 2000.
 
9
I. Fléchais. Designing Secure and Usable Systems. PhD thesis, University College London, February 2005.
 
10
S. M. Furnell. Using security: easier said than done. Computer Fraud & Security, 2004(4):6--10, April 2004.
 
11
S. M. Furnell. Why users cannot use security. Computers & Security, 24(4):274--279, June 2005.
 
12
S. M. Furnell, A. Jusoh, and D. Katsabas. The challenges of understanding and using security: A survey of end users. Computers & Security, 25:27--35, 2006.
 
13
Wilbert O. Galitz, The Essential Guide to User Interface Design: An Introduction to GUI Design Principles and Techniques, John Wiley & Sons, Inc., New York, NY, 2002
 
14
Simson L. Garfinkel , David D. Clark , Robert C. Miller, Design principles and patterns for computer systems that are simultaneously secure and usable, Massachusetts Institute of Technology, Cambridge, MA, 2005
 
15
D. Gerd tom Markotten. Benutzbare Sicherheit in informationstechnischen Systemen. Rhombos Verlag, Berlin, 2004. ISBN 3-937231-06-4.
16
William C. Hill , James D. Hollan , Dave Wroblewski , Tim McCandless, Edit wear and read wear, Proceedings of the SIGCHI conference on Human factors in computing systems, p.3-9, May 03-07, 1992, Monterey, California, United States  [doi>10.1145/142750.142751]
 
17
K. Höök, D. Benyon, and A. J. Munro. Designing information spaces: the social navigation approach. Springer-Verlag, 2003.
 
18
Shari L. Jackson , Joseph Krajcik , Elliot Soloway, The design of guided learner-adaptable scaffolding in interactive learning environments, Proceedings of the SIGCHI conference on Human factors in computing systems, p.187-194, April 18-23, 1998, Los Angeles, California, United States  [doi>10.1145/274644.274672]
19
Johndan Johnson-Eilola, Little machines: understanding users understanding interfaces, ACM Journal of Computer Documentation (JCD), v.25 n.4, November 2001  [doi>10.1145/586569.586571]
 
20
J. Johnston, J. H. P. Eloff, and L. Labuschagne. Security and human computer interfaces. Computers & Security, 22(8):675--684, December 2003.
 
21
Soren Lauesen, User Interface Design: A Software Engineering Perspective, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2005
22
Nancy G. Leveson, Safeware: system safety and computers, ACM, New York, NY, 1995
 
23
Theo Mandel, The elements of user interface design, John Wiley & Sons, Inc., New York, NY, 1997
 
24
Roy A. Maxion , Robert W. Reeder, Improving user-interface dependability through mitigation of human error, International Journal of Human-Computer Studies, v.63 n.1-2, p.25-50, July 2005  [doi>10.1016/j.ijhcs.2005.04.009]
 
25
Jakob Nielsen, Usability Engineering, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1993
 
26
Jakob Nielsen, Heuristic evaluation, Usability inspection methods, John Wiley & Sons, Inc., New York, NY, 1994
 
27
Jakob Nielsen , Robert L. Mack, Usability inspection methods, John Wiley & Sons, Inc., New York, NY, 1994
28
Lori Phelps, Active documentation: wizards as a medium for meeting user needs, Proceedings of the 15th annual international conference on Computer documentation, p.207-210, October 19-22, 1997, Salt Lake City, Utah, United States  [doi>10.1145/263367.263394]
 
29
M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001  [doi>10.1023/A:1011902718709]
 
30
B. Shneiderman and C. Plaisant. Designing the User Interface. Addison Wesley, 4th edition, 2004.
 
31
T. Straub and H. Baier. A framework for evaluating the usability and the utility of PKI-enabled applications. In S. K. Katsikas, S. Gritzalis, and J. Lopez, editors, Proceedings of the European PKI Workshop: Research and Applications (EuroPKI'04), LNCS 3093, pages 112--125. Springer-Verlag, June 2004.
 
32
Jenifer Tidwell, Designing Interfaces, O'Reilly Media, Inc., 2005
 
33
M. Virvou and K. Kabassi. Intelligent help in a graphical user interface. In Proceedings of the International Conference on Systems, Man and Cybernetics, pages 170--175. IEEE, October 2002.
 
34
Michael E. Whitman , Herbert J. Mattord, Principles of Information Security, Course Technology Press, 2004
 
35
A. Whitten. Making Security Usable. PhD thesis, School of Computer Science, Carnegie Mellon University, May 2004. CMU-CS-04-135.
 
36
A. Whitten and J. Tygar. Safe staging for computer security. In Proceedings of the CHI2003 Workshop on Human-Computer Interaction and Security Systems. http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-whitten.pdf (visited 21-Jul-2005), April 2003.
 
37
Alma Whitten , J. D. Tygar, Why Johnny can't encrypt: a usability evaluation of PGP 5.0, Proceedings of the 8th conference on USENIX Security Symposium, p.14-14, August 23-26, 1999, Washington, D.C.
 
38
A. Wool. The use and usability of direction-based filtering in firewalls. Computers & Security, 23(6):459--468, September 2004.
39
Haidong Xia , José Carlos Brustoloni, Hardening Web browsers against man-in-the-middle and eavesdropping attacks, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan  [doi>10.1145/1060745.1060817]
 
40
Ka-Ping Yee, User Interaction Design for Secure Systems, Proceedings of the 4th International Conference on Information and Communications Security, p.278-290, December 09-12, 2002
 
41
K.-P. Yee. Guidelines and strategies for secure interaction design. In Cranor and Garfinkel {5}.

CITED BY  3
Pooya Jaferian , David Botta , Fahimeh Raja , Kirstie Hawkey , Konstantin Beznosov, Guidelines for designing IT security management tools, Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology, November 14-15, 2008, San Diego, California
Jeremy Goecks , W. Keith Edwards , Elizabeth D. Mynatt, Challenges in supporting end-user privacy and security management with social navigation, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California
Fahimeh Raja , Kirstie Hawkey , Konstantin Beznosov, Revealing hidden context: improving mental models of personal firewall users, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Evaluation/methodology

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Training, help, and documentation

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.3 Software Management
          Subjects: Software development
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Design, Human Factors, Security


Keywords:
on-line help, safe staging, social navigation, usable security, user help, wizard

Collaborative Colleagues:
Almut Herzog: colleagues
Nahid Shahmehri: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player