Secure Interaction Design and the Principle of Least Authority

The security of any computer system that is configured or operated by human beings critically depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This position paper puts forth some starting points for reasoning about security from a user-centred point of view. I rebut the common assumption that security and usability are always in conflict, propose a user model based on the subjective actor-ability state, and identify ten key principles for secure interaction design. I argue that adherence to the Principle of Least Authority is essential to usability goals for secure systems, and call for increased attention to this well-known security principle in the security community.