Secure Interaction Design and the Principle of Least Authority
暂无分享,去创建一个
The security of any computer system that is configured or operated by human beings critically depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This position paper puts forth some starting points for reasoning about security from a user-centred point of view. I rebut the common assumption that security and usability are always in conflict, propose a user model based on the subjective actor-ability state, and identify ten key principles for secure interaction design. I argue that adherence to the Principle of Least Authority is essential to usability goals for secure systems, and call for increased attention to this well-known security principle in the security community.
[1] D. Dennett. The Intentional Stance. , 1987 .
[2] HardyNorm. The Confused Deputy , 1988 .
[3] Ka-Ping Yee,et al. User Interaction Design for Secure Systems , 2002, ICICS.