Bringing the User Back into Control: A New Paradigm for Usability in Highly Dynamic Systems

  • Sebastian Höhn
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


The contribution of this paper is twofold. On the one hand, we report on the results of our investigation of different categories of usability issues. On the other hand, we introduce the ideas of context descriptive security models as a means of mastering the usability challenges of highly dynamic systems. Modern computer systems are involved in many situations of our daily lives. This means that newly deployed systems must be carefully designed in order to be correctly used by laypersons. The scenario we introduce shows that it is no longer feasible to argue that users must be educated in order to correctly operate these systems. As soon as such a system is deployed, for example, in a supermarket, the education-barrier will not be accepted: neither by the customer nor by the provider.


Security Level, Security Model, Security Mechanism, Usability Problem, Usability Issue
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sebastian Höhn, Albert-Ludwigs University Freiburg, Freiburg, Germany
