Adapting Personas for Use in Security Visualization Design

It has long been noted that visual representations of complex information can facilitate rapid understanding of data [citation], even with respect to ComSec applications [citation]. Recognizing that visualizations can increase usability in ComSec applications, [Zurko, Sasse] have argued that there is a need to create more usable security visualizations (VisSec). However, usability of applications generally falls into the domain of Human Computer Interaction (HCI), which generally relies on heavyweight user-centered design (UCD) processes. For example, the UCD process can involve many prototype iterations, or an ethnographic field study that can take months to complete. The problem is that VisSec projects generally do not have the resources to perform ethnographic field studies or to employ complex UCD methods. They are often running on tight deadlines and budgets that cannot afford standard UCD methods. To help resolve the conflict between needing more usable designs in ComSec and not having the resources to employ complex UCD methods, in this paper we offer a stripped-down, lighter-weight version of a UCD process which can help with capturing user requirements. The approach we use is personas, which is a user requirements capturing method arising out of the Participatory Design philosophy [Grudin02].

[1] Jonathan Grudin, et al. Personas: practice and theory, 2003, DUX '03.

[2] J.B. Bowles, et al. Better software reliability by getting the requirements right, 2006, RAMS '06. Annual Reliability and Maintainability Symposium, 2006.

[3] William Yurcik, et al. Maintaining Perspective on Who Is The Enemy in the Security Systems Administration of Computer Networks, 2003.

[4] J. Grudin. 12 – Why Personas Work: The Psychological Evidence, 2006.

[5] Michael J. Muller, et al. Putting personas to work, 2006, CHI Extended Abstracts.

[6] Yvonne Dittrich, et al. Personas is not applicable: local remedies interpreted in a wider context, 2004, PDC 04.

[7] Wayne G. Lutters, et al. The Work of Intrusion Detection: Rethinking the Role of Security Analysts, 2004, AMCIS.

[8] Northrop Grumman, et al. Recommended Requirements Gathering Practices, 2002.

[9] Iftikhar Ahmed, et al. Making personas memorable, 2007, CHI Extended Abstracts.

[10] John S. Pruitt, et al. The Persona Lifecycle: Keeping People in Mind Throughout Product Design, 2006.

[11] Mary Ellen Zurko. User-centered security: stepping up to the grand challenge, 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[12] Alan Cooper, et al. The Inmates Are Running the Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity (2nd Edition), 1999.

[13] M. Angela Sasse, et al. Users are not the enemy, 1999, CACM.

[14] W. Buxton. Human-Computer Interaction, 1988, Springer Berlin Heidelberg.

[15] Simson L. Garfinkel, et al. Security and Usability, 2005.

[16] Gregory J. Conti, et al. Filtering, Fusion and Dynamic Information Presentation: Towards a General Information Firewall, 2005, ISI.

[17] Ahmed Seffah. Learning the ropes: human-centered design skills and patterns for software engineers' education, 2003, INTR.

[18] Deborah A. Frincke, et al. Intrusion and Misuse Detection in Large-Scale Systems, 2002, IEEE Computer Graphics and Applications.

[19] Chris North, et al. Bridging the Host-Network Divide: Survey, Taxonomy, and Solution, 2006, LISA.

[20] Gregory D. Abowd, et al. Human-Computer Interaction, third edition, 2004.

[21] J. T. Lochner. The Journal of Defense Software Engineering, 1999.

[22] Lorrie Faith Cranor, et al. Security and Usability: Designing Secure Systems that People Can Use, 2005.

[23] Jonathan Grudin, et al. Personas, Participatory Design and Product Development: An Infrastructure for Engagement, 2002.

[24] Anita D'Amico, et al. Information assurance visualizations for specific stages of situational awareness and intended uses: lessons learned, 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05).

[25] Karen Holtzblatt, et al. Contextual design: using customer work models to drive systems design, 1998, CHI Conference Summary.

[26] T.M. Duffy, et al. Scenario-Based Design: Envisioning Work and Technology in System Development [Book Review], 1996, IEEE Transactions on Professional Communication.

[27] Nahum Gershon, et al. What storytelling can do for information visualization, 2001, Commun. ACM.