Presentation is loading. Please wait.

Presentation is loading. Please wait.

Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments."— Presentation transcript:

1 Designing for security and privacy

2 Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments

3 What next? So you know usability is important… So you know usability is important… And many systems lack usability… And many systems lack usability… So, how do you create a good one? So, how do you create a good one? Its hard! Its hard! –But we can certainly do better than we are doing now!

4 Design Understand current practices and needs Understand current practices and needs Follow heuristics and guidelines Follow heuristics and guidelines Avoid pitfalls Avoid pitfalls Prototype, evaluate, and iterate Prototype, evaluate, and iterate

5 Mental Model reminder Users conception of what the software is doing should match with what the software actually does. Users conception of what the software is doing should match with what the software actually does. Interface What user thinks is happening What is really happening

6 Designation vs. Admonition Security by designation Security by designation –When a user designates an action, take appropriate security related actions Security by admonition Security by admonition –Provide notifications that the user looks at and takes appropriate action from –Display a warning when the user tries to do something dangerous Question: when could we use designation today? When can we not use designation?

7 General usability guidelines Affordances Affordances Visibility Visibility Mapping Mapping Feedback Feedback Constraints Constraints Error prevention Error prevention Error recovery Error recovery Aesthetics & minimalist design Aesthetics & minimalist design Consistency Consistency Flexibility Flexibility

8 Yee guidelines (Ch. 13) Match the most comfortable way to do tasks with the least granting of authority Match the most comfortable way to do tasks with the least granting of authority Grant authority to others in accordance with user actions indicating consent Grant authority to others in accordance with user actions indicating consent Offer the user ways to reduce others’ authority Offer the user ways to reduce others’ authority Maintain awareness of others’ authority Maintain awareness of others’ authority Maintain accurate awareness of user’s own authority Maintain accurate awareness of user’s own authority Protect user’s channels to agents that manipulate authority Protect user’s channels to agents that manipulate authority Enable user to express safe security policies in terms that fit the task Enable user to express safe security policies in terms that fit the task Draw distinctions among objects and actions along boundaries relevant to the task Draw distinctions among objects and actions along boundaries relevant to the task Present objects using distinguishable, truthful appearances Present objects using distinguishable, truthful appearances Indicate consequences of decisions Indicate consequences of decisions How do these relate to general usability guidelines?

9 Trust Design Guidelines 1. Ensure good ease of use. 2. Use attractive design. 3. Create a professional image – avoid spelling mistakes and other simple errors. 4. Don’t mix advertising and content – avoid sales pitches and banner advertisements. 5. Convey a “real-world” look and feel – for example, with use of high- quality photographs of real places and people. 6. Maximize the consistency, familiarity, or predictability of an interaction both in terms of process and visually. 7. Include seals of approval such as TRUSTe. 8. Provide explanations, justifying the advice or information given. 9. Include independent peer evaluation such as references from past and current users and independent message boards. 10. Provide clearly stated security and privacy statements, and also rights to compensation and returns. 11. Include alternative views, including good links to independent sites with the same business area. 12. Include background information such as indicators of expertise and patterns of past performance. 13. Clearly assign responsibilities (to the vendor and the customer). 14. Ensure that communication remains open and responsive, and offer order tracking or an alternative means of getting in touch. 15. Offer a personalized service that takes account of each client’s needs and preferences and reflects its social identity.

10 Web bloopers 2. Confusing classifications. Content categories seem arbitrary or nonsensical. 4.Conflicting content. Information in different parts of site disagrees. 5.Outdated content. Content on site is out-of-date, but not clearly marked as archival. 6. Missing or useless content. Information users need to accomplish goals is missing. 9.Requiring unneeded data. Making users provide non-essential information. 10.Pointless choice. Offering or requiring meaningless choices. 19.Lost in space: Current page not indicated. Page doesn’t clearly show where user is. 30.Mysterious controls. Operation of controls is unclear due to poor labeling, poor layout, or uniqueness of controls. 31.Baffling search controls. Search options require knowledge of computer or industry-insider concepts. 41.Too much text. Overly-verbose instructions, messages, or link-labels. 47.Typos and grammos: Sloppy writing. Failing to check and fix text before going live. Jeff Johnson, http://www.web-bloopers.com/http://www.web-bloopers.com/ …also GUI Bloopers

11 Privacy Pitfalls Understanding Privacy Implications Understanding Privacy Implications –Obscuring potential information flow (1) –Obscuring actual information flow (2) Socially Meaningful Action Socially Meaningful Action –Emphasizing configuration over action (3) –Lacking coarse-grained control (4) –Inhibiting established practice (5) Any others you want to suggest? Can privacy-insensitive systems still be successful?

12 Example: Faces Specify who can see what and when Specify who can see what and when Mobile interface for in-situ feedback Mobile interface for in-situ feedback Design activities: Design activities: –Literature review –Interviewed 12 local residents, surveyed 130 people –Iterated through series of low-fidelity prototypes Findings: Findings: –Primary determinant of privacy preferences is who (inquirer) –disclosure situation is also important

13 Faces cont. Different disclosure preferences for different inquirers Different disclosure preferences for different inquirers Optionally add situation parameter Optionally add situation parameter Each disclosure preference can be associated with a face Each disclosure preference can be associated with a face “If this inquirer wants info when I’m in this situation, show her this face” “If this inquirer wants info when I’m in this situation, show her this face”

14 Problems with Faces What pitfalls did this violate? What pitfalls did this violate? Which ones did it avoid? Which ones did it avoid? So what was critical failure? So what was critical failure? Why didn’t they figure this out earlier? Why didn’t they figure this out earlier?

15 Chameleon Evolved through prototyping Evolved through prototyping What is good about the design? What is good about the design? What is potentially problematic? What is potentially problematic?

16 Your assignment Designs Designs –What were the problems? General usability or specific to security or privacy? –How did you come up with solution? Which is your favorite? Which is your favorite?

Download ppt "Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments."

Similar presentations

Research Methods and Usability Guidelines for Ecommerce Web Sites Mary Czerwinski Microsoft Research Note: Many of these slides came from a Keynote address.

Research Methods and Usability Guidelines for Ecommerce Web Sites Mary Czerwinski Microsoft Research Note: Many of these slides came from a Keynote address.
Member FINRA/SIPCThursday, November 12, 2009 Resource Menu Changes - Report User Experience Study | Kevin Cornwall.

Member FINRA/SIPCThursday, November 12, 2009 Resource Menu Changes - Report User Experience Study | Kevin Cornwall.
1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 11 Designing for Usability I.

1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 11 Designing for Usability I.
Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy.

Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy.
Location Based Social Networking For All Presenter: Danny Swisher.

Location Based Social Networking For All Presenter: Danny Swisher.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Ch 11 Cognitive Walkthroughs and Heuristic Evaluation Yonglei Tao School of Computing and Info Systems GVSU.

Ch 11 Cognitive Walkthroughs and Heuristic Evaluation Yonglei Tao School of Computing and Info Systems GVSU.
11 HCI - Lesson 5.1 Heuristic Inspection (Nielsen’s Heuristics) Prof. Garzotto.

11 HCI - Lesson 5.1 Heuristic Inspection (Nielsen’s Heuristics) Prof. Garzotto.
Electronic Communications Usability Primer.

Electronic Communications Usability Primer.
Copyright © 2005, Pearson Education, Inc. Chapter 8 Command and Natural Languages.

Copyright © 2005, Pearson Education, Inc. Chapter 8 Command and Natural Languages.
Part 4: Evaluation Days 25, 27, 29, 31 Chapter 20: Why evaluate? Chapter 21: Deciding on what to evaluate: the strategy Chapter 22: Planning who, what,

Part 4: Evaluation Days 25, 27, 29, 31 Chapter 20: Why evaluate? Chapter 21: Deciding on what to evaluate: the strategy Chapter 22: Planning who, what,
Content Management System 213 Project 4-26-01 Peter Roessler, Dhea Maloney, Chris Marin, Chan Jean Lee.

Content Management System 213 Project Peter Roessler, Dhea Maloney, Chris Marin, Chan Jean Lee.
INTERACTIVE BRAND COMMUNICATION Class 7 Creative Issues II: Creating Effective Online Advertising.

INTERACTIVE BRAND COMMUNICATION Class 7 Creative Issues II: Creating Effective Online Advertising.
Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.
Midterm Exam Review IS 485, Professor Matt Thatcher.

Midterm Exam Review IS 485, Professor Matt Thatcher.
Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.

Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.
Heuristic Evaluation Evaluating with experts. Discount Evaluation Techniques  Basis: Observing users can be time- consuming and expensive Try to predict.

Heuristic Evaluation Evaluating with experts. Discount Evaluation Techniques  Basis: Observing users can be time- consuming and expensive Try to predict.
Evaluating with experts

Evaluating with experts
Mid-Term Exam Review IS 485, Professor Matt Thatcher.

Mid-Term Exam Review IS 485, Professor Matt Thatcher.

Similar presentations

Ads by Google