A framework for designing viable security solutions

This paper argues that the widely lamented failure of many security solutions in the market is due to an overly technology- and complexity-driven design approach. We argue that it is the responsibility of the system designers to make sure that their designs leads to an increased security when implemented in practice, including both adoption and usability aspects. To motivate and illustrate our approach, we provide an in-depth case study. We build on earlier works and findings from IT security and related disciplines, but integrate them in a larger framework targeting specifically the security domain. We provide a comprehensive description of the approach and derive guidelines, which are then preliminarily evaluated by a case study.