User Interaction Design for Secure Systems

  • Ka-Ping Yee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2513)


The security of any system that is configured or operated by human beings depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This paper establishes some starting points for reasoning about security from a user-centred perspective: it proposes to model systems in terms of actors and actions, and introduces the concept of the subjective actor-ability state. Ten principles for secure interaction design are identified; examples of real-world problems illustrate and justify the principles.


Design Principle, Security Policy, User Agent, Interaction Design, Intentional Stance
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Ka-Ping Yee (University of California, Berkeley)
