Secure Interaction Design
Ka-Ping Yee

New: please check out my new blog on usable security.

Usability and security aren't contrary goals; don't assume that you must sacrifice one for the sake of the other. In fact, a system that's hard to understand and use will almost certainly have security problems in practice: a user who can't tell what the system is doing can't tell when it is doing something unsafe. A more secure system is a more reliable, more effective system: hence, a more usable system. Here's a definition from Garfinkel and Spafford's book, Practical UNIX and Internet Security:

"A computer is secure if you can depend on it and its software to behave as you expect."

Doesn't that look like it would be good for usability, too?


Please read User Interaction Design for Secure Systems (356 kb PDF, updated 3 Dec 2002). An abridged version was accepted for publication in the proceedings of ICICS 2002 in Singapore. The paper presents the actor-ability model as a framework for secure interaction design and suggests ten design principles.


Here's the current list of ten suggested principles for secure interaction design (slightly revised from the version presented in the paper, to improve clarity).

Path of Least Resistance: Match the most comfortable way to do tasks with the least granting of authority.
Active Authorization: Grant authority to others in accordance with user actions indicating consent.
Revocability: Offer the user ways to reduce others' authority to access the user's resources.
Visibility: Maintain accurate awareness of others' authority as relevant to user decisions.
Self-Awareness: Maintain accurate awareness of the user's own authority to access resources.
Trusted Path: Protect the user's channels to agents that manipulate authority on the user's behalf.
Expressiveness: Enable the user to express safe security policies in terms that fit the user's task.
Relevant Boundaries: Draw distinctions among objects and actions along boundaries relevant to the task.
Identifiability: Present objects and actions using distinguishable, truthful appearances.
Foresight: Indicate clearly the consequences of decisions that the user is expected to make.
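As an added illustration (this is not code from the original page or from the paper), here is a small in-memory model of how four of the principles above play out in a program that lets an untrusted plug-in read one of the user's files. In the ambient-authority design the plug-in is handed a path and opens it with the user's whole authority; in the designation design the user's act of picking a file in a chooser both names the file and grants a read-only, revocable handle to that file alone, and a ledger lets the user see what authority is currently held by others. The file contents, the plug-in name and the "chooser" are constructed stand-ins, and Python cannot enforce encapsulation, so the point is the shape of the interfaces rather than a real sandbox.

```python
"""Added illustration of Path of Least Resistance, Active Authorization,
Revocability and Visibility. Not code from the original page; all names,
sample files and the 'chooser' are constructed stand-ins."""

from typing import Callable, Dict, List, Tuple

# Constructed sample files standing in for the user's disk: path -> contents.
USER_FILES: Dict[str, str] = {
    "/home/ping/report.txt": "quarterly numbers",
    "/home/ping/.ssh/id_rsa": "PRIVATE KEY MATERIAL",
}

# Ledger of authority currently held by others, keyed by grant id.
# Visibility: the user can always ask what has been handed out, and to whom.
OUTSTANDING: Dict[int, Tuple[str, str]] = {}
_next_id = 0


class Revoked(PermissionError):
    """Raised when a plug-in uses a handle whose authority was withdrawn."""


def ambient_plugin(requested_path: str) -> str:
    """Ambient-authority design. The plug-in receives a path string and opens
    it with the user's whole authority, so the most comfortable way to do the
    task (pass a path) grants far more than the task needs."""
    return USER_FILES[requested_path]


def user_chooses(plugin_name: str, path: str) -> Tuple[Callable[[], str], Callable[[], None]]:
    """Stand-in for a file-chooser dialog. The user's selection is the consent
    action: it names the file AND grants access to it, and nothing more
    (Active Authorization, Path of Least Resistance). Returns a read-only
    handle for the plug-in and a separate revoker that the user keeps
    (Revocability)."""
    global _next_id
    if path not in USER_FILES:
        raise FileNotFoundError(path)
    grant_id = _next_id
    _next_id += 1
    OUTSTANDING[grant_id] = (plugin_name, path)

    def read() -> str:
        # The handle checks the ledger on every use, so revocation is immediate.
        if grant_id not in OUTSTANDING:
            raise Revoked(f"{plugin_name}: authority to {path} withdrawn")
        return USER_FILES[path]

    def revoke() -> None:
        OUTSTANDING.pop(grant_id, None)

    return read, revoke


def designated_plugin(read_handle: Callable[[], str]) -> str:
    """Designation design: the plug-in holds only what the user handed it.
    It has no path to open and no API that accepts one."""
    return read_handle()


def outstanding_grants() -> List[Tuple[str, str]]:
    """What the user sees when asking 'who can read what right now?'"""
    return sorted(OUTSTANDING.values())


def demo() -> Dict[str, object]:
    """Walk through both designs and return the observable outcomes."""
    out: Dict[str, object] = {}
    # Ambient: the plug-in was meant to read report.txt, but the same call
    # reads the private key; the user did nothing that authorized it.
    out["ambient_reads_key"] = ambient_plugin("/home/ping/.ssh/id_rsa")
    # Designated: one click, one file.
    read, revoke = user_chooses("viewer-plugin", "/home/ping/report.txt")
    out["designated_reads"] = designated_plugin(read)
    out["visible_before"] = outstanding_grants()
    # The user withdraws the authority; the plug-in's handle stops working.
    revoke()
    try:
        designated_plugin(read)
        out["after_revoke"] = "still readable"
    except Revoked:
        out["after_revoke"] = "denied"
    out["visible_after"] = outstanding_grants()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice worth noticing is that in the second half the user never fills in a permission dialog: the same gesture that does the task (choosing the file) is the one that grants the authority, and the ledger plus the revoker give the user both a view of, and control over, what was granted.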


The poster illustrates the ten principles (using the older wording, but the same intent).



This work began as a project for CS 261.