Design Principles for Actual Security
Merel Brandon, H. Schraffenberger, W. Sluis-Thiescheffer, T. Geest, Daniel Ostkamp, Bart Jacobs
Adjunct Proceedings of the 2022 Nordic Human-Computer Interaction Conference
Publication date: 2022-10-08
DOI: 10.1145/3547522.3547684 (https://doi.org/10.1145/3547522.3547684)
Citation count: 2
Abstract
The importance of designing for actual security, i.e., security in practice, is underlined by previous work. However, clear design principles for actual security are missing. This paper reports early work on establishing such design principles based on heuristic evaluations of security-enhancing applications. Seven experts evaluated the actual security of four applications for secure email communication. Based on a qualitative analysis of the experts’ findings, we formulate six design principles for actual security that apply to secure email, secure communication, and other security-enhancing applications.