Abstract
The main success of the internet is its openness. To guarantee security in the internet — for example to protect the user’s privacy — the use of security tools is essential. Because today’s internet users cover almost all educational levels and professional groups, we assume that in most cases they will be security novices. Unfortunately, the usage of today’s security tools is mostly too complex and incomprehensible, thus opening security leaks caused by incorrect usage. In order to identify security leaks arising from the user interface, an objective measure for the usability of security tools is necessary. At present, such a measure does not exist. This paper develops such a measure for the usability of security tools. We propose problem categories for errors in security tools. Based on this categorization, we propose a taxonomy for the usability of security functions. Applying this taxonomy, security functions may be ranked according to the user’s ability to avoid self-induced, security-critical user errors. Additionally, the taxonomy may explain possible causes of errors, introducing design alternatives to avoid these errors.
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Kaiser, J., Reichenbach, M. (2002). Evaluating Security Tools towards Usable Security. In: Hammond, J., Gross, T., Wesson, J. (eds) Usability. IFIP WCC TC13 2002. IFIP — The International Federation for Information Processing, vol 99. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35610-5_17
DOI: https://doi.org/10.1007/978-0-387-35610-5_17
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6910-4
Online ISBN: 978-0-387-35610-5
eBook Packages: Springer Book Archive