Corpus ID: 62289566

Making Security Usable

Alma Whitten and J. D. Tygar
Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of those organizations or of the United States government.

Abstract: Usability remains one of the most pressing and challenging problems for computer security. Despite widespread recognition of the damage that results from…

Heuristics and Models for Evaluating the Usability of Security Measures

A heuristics-based usability evaluation and optimization approach for security measures that allows developers and administrators to perform usability evaluations and thus enables an early tailoring to the user, complementary to expert or user reviews.

Usable Security: History, Themes, and Challenges

The historical context of the work to date on usable security and privacy is presented, a taxonomy for organizing that work is created, current research objectives are outlined, lessons learned are presented, and suggestions for future research are made.

Design principles and patterns for computer systems that are simultaneously secure and usable

This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications.

User help techniques for usable security

The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications and complement these with the tempting alternative of built-in, hidden security.

Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science Proposal for Thesis Research in Partial Fulfillment Of the Requirements for the Degree of Doctor of Philosophy

This thesis aims to develop a set of design principles for creating and evaluating security systems — principles that, when followed, simultaneously provide for increased security and increased usability.

Usability challenges of PKI

A general multi-layer model of methods to promote usable security is introduced as a generic tool for the analysis of PKI-enabled applications of any kind and a uniform and seamless solution for the World Wide Web that supports all common authentication mechanisms is presented.

Attribute-based, usefully secure email

Criteria for a system that will enable humans to apply these same methods of trust-building in the digital world are developed, and Attribute-Based, Usefully Secure Email (ABUSE) is presented; it is shown to meet the authors' criteria, and empirical evidence is provided that real users are helped by the system.


To assess the usable security of two alternative versions of the software, called version 1 and version 2, the authors use the Fuzzy Analytic Hierarchy Process (Fuzzy AHP) methodology; the impact of security on usability and the impact on security are evaluated quantitatively.

Why users cannot use security

A User-Centered Model for Usable Security and Privacy

A user-centered model for usable security and privacy that is aligned with user-centered design guidelines and the Human-Centered Design process is presented, together with an initial method for the design of usable security systems.

Usability of Security: A Case Study

This study examined the usability of PGP 5.0 to discover whether it was sufficient to enable non-programmers who know little about security to actually use it effectively, and concludes that PGP 5.0 is not sufficiently usable to provide effective security for most users.

Usability and Security

The various information security methods in use are reviewed, their usability issues are appraised, the relationship between these two aspects is mapped, and the relation between usability and the degree of security provided by each information security method is mapped.

Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0

It is concluded that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting the hypothesis that user interface design for effective security remains an open problem.

Usability meets security - the Identity-Manager as your personal security assistant for the Internet

A new concept to improve the usability of security mechanisms, introducing an extended classification of protection goals is presented, which is the basis of the Identity-Manager, a new security tool presented in this paper.

User-centered design of security software

The objective is to develop a security concept that supports a user in making educated decisions and managing security issues in everyday networked service access situations, applying user-centered design to the development of a security manager concept for a portable computer and communication device.

User-centered security

This work discusses user-centered authorization, which started with a rules-based authorization engine (MAP) and will continue with Adage, and evaluates the pros and cons of this effort as a precursor to further work in this area.

Iterative Usability Testing of a Security Application

This paper reports the results of three iterative usability tests of a security application as it evolved through the application development process and highlights the use of several methodological

A user-centered, modular authorization service built on an RBAC foundation

The design of Adage, an authorization service for distributed applications, and lessons learned from the implementation through a planned deployment in a context that must balance new research in risk management with dependencies on legacy services.

Security as a Practical Problem: Some Preliminary Observations of Everyday Mental Models

The current approach is based on the dynamic visualization of aspects of software system behaviour that relate to network activity, file activity, and security configuration, based on ethnographic-style semistructured interviews of end users of Internet technologies.

Why cryptosystems fail

It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures, suggesting that a paradigm shift is overdue in computer security.