Here you will find scientific publications from the Fraunhofer Institutes.

A User-Centered Model for Usable Security and Privacy

Feth, Denis; Maier, Andreas; Polst, Svenja


Tryfonas, Theo (Ed.):
Human Aspects of Information Security, Privacy and Trust. 5th International Conference, HAS 2017 : Held as Part of HCI International 2017. Vancouver, BC, Canada, July 9-14, 2017. Proceedings
Cham: Springer International Publishing, 2017 (Lecture Notes in Computer Science 10292)
ISBN: 978-3-319-58459-1 (print)
ISBN: 978-3-319-58460-7 (online)
ISBN: 3-319-58459-6
International Conference on Human Aspects of Information Security, Privacy and Trust (HAS) <5, 2017, Vancouver>
International Conference on Human-Computer Interaction (HCI International) <19, 2017, Vancouver>
Fraunhofer IESE
usability; security; privacy; security modelling; user-centered design; continuous improvement

Security, privacy and usability are vital quality attributes of IT systems and services. Users and legal authorities demand that systems are secure and preserve privacy. At the same time, security and privacy mechanisms should not complicate workflows and must be transparent for the user. In order to master this challenge, a close involvement of the users is necessary - both at development and at run-time. In this paper, we present a user-centered model for usable security and privacy that is aligned with user-centered design guidelines [34] and the Human-Centered Design process [28]. Based on this model, we present an initial method for the design of usable security systems. Through active involvement of the user, the model and the method are meant to help developers to identify and solve shortcomings of their security and privacy mechanisms. We motivate our work and present our results based on an Internet of Things/smart home scenario. Due to the amount of private data and strong data protection laws, both usability and privacy are of major importance in this domain. However, our model and method are not limited to the smart home domain, but can be applied whenever usable security and privacy are of particular interest for a system under development.