User-Centered Security Engineering

Current approaches to security engineering mainly focus on attacker models, secure mechanisms, and code testing to ensure a high standard of security. However, these approaches do not sufficiently emphasize the usability of the system, which creates the risk that the implemented mechanisms impose overhead on users or require unworkable user behaviour. In addition, end users will not use security products they cannot understand or that are difficult to apply. Therefore, we propose the new concept of integrated user-centered security engineering to bridge the gap between security and usability. This method has been pursued for the development and implementation of the security tool “Identity Manager”.