Usable Security and Privacy Reading List
This page collects literature worth reading from the field of Usable Security and Privacy. The list is managed by the German UPA and everyone can contribute to it by creating a pull request on GitHub. After reviewing the request, we will add the new literature entry to the list.
Usability Meanings and Interpretations in ISO Standards
by
Alain Abran, Adel Khelifi, Witold Suryn, Ahmed Seffah
published in: Software Quality Control 11(4), pp. 325-338, 2003.
"This paper gives an overview of the definition and quality characteristics of the term usability of various ISO standards. Interestingly, security is mentioned in some standards as a quality feature of usability."
Circumvention of Security: Good Users Do Bad Things
by
Jim Blythe, Ross Koppel, Sean W. Smith
published in: IEEE Security & Privacy 11(5). IEEE, 2013.
"It is difficult to find well-founded examples of security mechanisms being circumvented for practical reasons. After all, this is a sensitive topic for companies, one they would rather not make public. This article shows that it happens anyway."
Are 21st-Century Citizens Grieving for their Loss of Privacy?
by
Gregory J. Bott & Karen Renaud
published in: Proceedings of the 2018 IFIP Working Group 8.11/11.13 Dewald Roode Information Security Workshop.
"Interesting approach: based on their reactions to data breach reports, people are classified into one of the five stages of grief (denial, anger, bargaining, depression, acceptance)."
Security and Usability: Designing Secure Systems that People Can Use
by
Lorrie Faith Cranor & Simson Garfinkel
published in: O'Reilly, Sebastopol 2005.
"This collection contains 34 articles by leading security and usability researchers, including some classics such as "Users Are Not the Enemy" and "Why Johnny Can't Encrypt". The 700-page book focuses on Realigning Usability and Security, Authentication Mechanisms, Secure Systems, Privacy and Anonymity Systems, Commercializing Usability."
A Framework for Reasoning About the Human in the Loop
by
Lorrie Faith Cranor
published in: Proceedings of the 1st Conference on Usability, Psychology, and Security 2008, Article 1. USENIX Association, Berkeley, CA 2008.
"Lorrie Faith Cranor's Human-in-the-Loop Security Framework can help to understand people's behaviour when dealing with security mechanisms. A valuable tool for the development of usable security mechanisms."
Why phishing works
by
Rachna Dhamija, J. D. Tygar, Marti Hearst
published in: CHI '06: CHI 2006 Conference on Human Factors in Computing Systems. ACM, New York 2006.
"Very good overview paper by Dhamija, Tygar and Hearst, discussing why current usable security mechanisms do not help to detect phishing attacks and why phishing attacks are still so effective."
Gebrauchstaugliche Informationssicherheit
by
Simone Fischer-Hübner, Rüdiger Grimm, Luigi Lo Iacono, Sebastian Möller, Günter Müller, Melanie Volkamer
published in: <kes> Die Zeitschrift für Informations-Sicherheit, issue 4/2011, pp. 6–10. SecuMedia, Ingelheim 2011.
"Well-founded, German-language introductory article that examines the topic of usable security from a scientific and practical perspective. Some areas that are still highly relevant today are examined in detail, e.g. visualization techniques and the administration of rule sets."
Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable
by
Simson L. Garfinkel
published in: Dissertation, Massachusetts Institute of Technology, Cambridge 2005.
"In his PhD thesis, Garfinkel takes the view that there is no inherent conflict between security and user-friendliness in the development of systems and that synergies can be exploited in the (re-)design of the systems. In particular, he presents six principles and about 20 patterns that make it possible to better harmonize security and usability in the design of systems."
Usable Security: History, Themes, and Challenges
by
Simson Garfinkel & Heather Richter Lipford
published in: Morgan & Claypool, 2014.
"With just under 150 pages, this slim work offers a very good overview of the Usable Security field of science. The 39-page bibliography with relevant publications can be used as a valuable resource for familiarization with the various topics."
Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon
by
Spyros Kokolakis
published in: Computers & Security, Volume 64, 2017, Pages 122-134, ISSN 0167-4048.
"Good overview of previous research on the privacy paradox, which describes the phenomenon that many users express concerns about their privacy, but do not behave accordingly."
Evaluationsmethoden für benutzerzentrierte IT-Sicherheit
by
Olaf Kroll-Peters
published in: Dissertation, Technische Universität Berlin, Berlin 2010.
"One of the few papers on the evaluation of usable security. In his dissertation, Kroll-Peters examines potential threats and user groupings and presents concepts and (prototypical) implementations that show approaches for implementing user-centered IT security."
The Way I See It: When security gets in the way
by
Donald A. Norman
published in: interactions 16(6), pp. 60-63. ACM, New York, NY 2009.
"An excellent introductory article on Usable Security, written by Donald Norman."
A Brief Introduction to Usable Security
by
Bryan D. Payne & W. Keith Edwards
published in: IEEE Internet Computing 12(3), pp. 13-21. IEEE Educational Activities Department, Piscataway, NJ 2008.
"Good introduction to user-centric IT security. In particular, Payne and Edwards provide insight into previous research on passwords, authentication and email encryption and discuss the application of design guidelines."
Why Doesn’t Jane Protect Her Privacy?
by
Karen Renaud, Melanie Volkamer, Arne Renkema-Padmos
published in: Privacy Enhancing Technologies. PETS 2014. Lecture Notes in Computer Science, vol. 8555. Springer, Cham.
"Presentation of a step-by-step model that describes the prerequisites that must be met for users to protect their private data/privacy."
“Technology Should Be Smarter Than This!”: A Vision for Overcoming the Great Authentication Fatigue
by
M. Angela Sasse
published in: Secure Data Management, pp. 33–36. Springer 2013.
"An interesting account by M. Angela Sasse of how the usability problems of authentication mechanisms could be solved in the future."
The Two Western Cultures of Privacy: Dignity versus Liberty
by
James Q. Whitman
published in: Yale Law School Faculty Scholarship Series. Paper 649.
"An interesting and entertainingly written account of the cultural differences between Europeans (mainly Germans and French) and Americans in their understanding of privacy."
Aligning Security and Usability
by
Ka-Ping Yee
published in: IEEE Security & Privacy 2(5), pp. 48-55. IEEE Educational Activities Department, Piscataway, NJ 2004.
"Very interesting paper by Ka-Ping Yee, which proposes easy-to-implement usable security design principles."