Datenschutz und Datensicherheit - DuD, Volume 34, Issue 11, pp 773–782

Usable Security und Privacy

  • Simone Fischer-Hübner
  • Luigi Lo Iacono
  • Sebastian Möller


Usability, comprehensibility and acceptance of protection mechanisms are usually not a priority during their development, even though they demonstrably have a considerable influence on the (security-adequate) behaviour of users. The authors give an overview of the approaches to date in the field of "Usable Security and Privacy" and point out the further need for research and development.





Copyright information

© Springer Fachmedien Wiesbaden 2010
