Usable Security and Privacy

Abstract: The usability, comprehensibility and acceptance of protection mechanisms are usually not a priority during their development, even though they demonstrably have a considerable influence on users' (security-appropriate) behaviour. The authors give an overview of the approaches taken so far in the field of "Usable Security and Privacy" and point out where further research and development is needed.
