Usable Security and Privacy

  • Articles
  • Datenschutz und Datensicherheit - DuD

Abstract

Usability, comprehensibility and acceptance of protection mechanisms are generally not a priority during their development, even though they demonstrably have a considerable influence on users' (security-adequate) behaviour. The authors give an overview of the approaches taken so far in the field of "Usable Security and Privacy" and identify the further need for research and development.

Authors

Additional information

Prof. Dr. Simone Fischer-Hübner is a professor at the Department of Computer Science of Karlstad University (Sweden). Research area: privacy-enhancing technologies, security and usable privacy.

Dr.-Ing. Luigi Lo Iacono is a lecturer in business informatics at the Europäische Fachhochschule, Brühl. Research area: software and security engineering.

Prof. Dr.-Ing. Sebastian Möller is a professor at the Institute of Software Engineering and Theoretical Computer Science, Quality and Usability Lab of Deutsche Telekom Laboratories at TU Berlin. Research area: quality, security and usability.

This text is based in part on work in the PrimeLife project, which is funded under the EU's 7th Research Framework Programme (FP7/2007-2013) under Grant Agreement No. 216483.

Cite this article

Fischer-Hübner, S., Lo Iacono, L. & Möller, S. Usable Security und Privacy. DuD 34, 773–782 (2010). https://doi.org/10.1007/s11623-010-0210-4

  • DOI: https://doi.org/10.1007/s11623-010-0210-4