1
Secure Interaction Design
Kami Vaniea
2
Overview
Designing secure interfaces
  Design principles
Firefox extensions
  Cookies
  Phishing
  Tracking
3
Overview
Designing secure interfaces
  Design principles
Firefox extensions
  Petname
  Add N Edit Cookies
  Cookie Culler
  Cookie Button
  Distrust
  X Paranoia
4
Secure Interaction Design
Designing a computer system to protect the interests of its legitimate user
5
Problems
Viruses
Spyware
Phishing
Online tracking
Unintentional disclosure of information
6
Mental Models
For software to protect its user’s interests, its behavior should be consistent with the user’s expectations.
What the user thinks is happening
What is shown in the interface
What is really happening
7
Designation vs. Admonition
Security by designation
  When a user designates an action, take appropriate security-related actions
  Double-clicking a Word document
Security by admonition
  Provide notifications that the user looks at and takes appropriate action from
  Display a warning when the user tries to do something dangerous
8
Design Principles
Know your audience
Think like your audience
Eliminate clutter
Eliminate complexity
Create just enough feedback
Be a customer advocate when usability and competitive pressure collide
9
Know Your Audience
Who are they?
What skills do they have?
If you don’t know who they are, you can’t think like them
If your product doesn’t match your audience, then it will not do as well as it could have
10
Think Like Your Audience
Present your design to other people to get feedback
Think of a representative of your audience and design for them
Could my mother use this?
11
Eliminate Clutter
Think about the tasks the user needs to perform
If a word or button is not necessary to those tasks then remove it
12
Eliminate Complexity
Again, what are the tasks the user needs to perform?
Does your design allow them to complete these tasks in the simplest manner?
Design for the common tasks; don’t sacrifice usability of common tasks for usability of rare or unlikely tasks
13
Create Just Enough Feedback
Users just want it to work
If it can be done safely without their involvement, do it
They want to be reassured it is working in unobtrusive ways
14
Be a Customer Advocate When Usability and Competitive Pressure Collide
It’s your job to make sure that customers don’t suffer from poor design
Be willing to compromise with developers if it gets a better interface
15
Questions
16
Overview
Designing secure interfaces
  Design principles
Firefox extensions
  Petname
  Add N Edit Cookies
  Cookie Culler
  Cookie Button
  Distrust
  X Paranoia
17
Firefox
A free web browser
“Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy.” 3
www.getfirefox.com
18
Firefox Extensions
“Extensions are small add-ons that add new functionality to Firefox. They can add anything from a toolbar button to a completely new feature. They allow the application to be customized to fit the personal needs of each user if they need additional features, while keeping Firefox small to download.” 2
19
Firefox Extensions
20
Firefox Extensions
21
Anti-Paranoia
Takes all your doubts and gives you confidence.
Especially if you are working on security, you might get the feeling that you’re part of something really big and maybe even evil.
How can your extension help me? It will pop up calmative messages for you to feel relaxed while browsing the web.
No, this extension will not spy and destroy your personal data, remember: Everything is good!
22
Petname
“Need help avoiding phishing and spoofing attacks? The petname tool can help you avoid online fraud by clearly distinguishing your online relationships.
Using the petname tool, you can save a reminder note about a relationship you have with a secure site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.” 1
23
Petname
24
Petname
25
Petname
26
Cookies
A cookie is a small file downloaded by your web browser that is used to identify you to a website.
27
Cookie Examples
Doubleclick.com
id 80000060da01136 doubleclick.net/ 1024 323797120 29957155 2871648112 29736878 *
Sun
SUN_ID 128.2.141.103:49701134167353 sun.com/ 1536 2447927680 31226545 864168768 29752592 *
28
Cookies
Convenient
  Automatic login
  Personalization
  Session information
Not so good
  Usage tracking
  Targeted ads
  Unwanted logins
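An added example (not from the original slides) that decodes the two records from the Cookie Examples slide to show how long each identifier persists, which is what makes usage tracking possible. It assumes the records follow the field order of Internet Explorer cookie text files (name, value, domain/path, flags, then expiry and creation times as low/high halves of a Windows FILETIME); the slide does not name the format, and the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# The two records shown on the "Cookie Examples" slide, one space per field.
# Assumed field order: name, value, domain/path, flags, expiry (low, high),
# creation (low, high), "*" terminator.
SLIDE_RECORDS = [
    "id 80000060da01136 doubleclick.net/ 1024 "
    "323797120 29957155 2871648112 29736878 *",
    "SUN_ID 128.2.141.103:49701134167353 sun.com/ 1536 "
    "2447927680 31226545 864168768 29752592 *",
]

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(low: str, high: str) -> datetime:
    """Join two 32-bit halves into a count of 100 ns ticks since 1601-01-01."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_record(record: str) -> dict:
    """Split one cookie record into named fields and decode its timestamps."""
    fields = record.split()
    if len(fields) != 9 or fields[-1] != "*":
        raise ValueError(f"unexpected cookie record: {record!r}")
    name, value, domain_path, flags, exp_lo, exp_hi, cre_lo, cre_hi, _ = fields
    created = filetime_to_datetime(cre_lo, cre_hi)
    expires = filetime_to_datetime(exp_lo, exp_hi)
    return {
        "name": name,
        "value": value,
        "domain": domain_path.partition("/")[0],
        "flags": int(flags),
        "created": created,
        "expires": expires,
        "lifetime_days": round((expires - created).total_seconds() / 86400),
    }


def long_lived(records, max_days=365):
    """Return (domain, name, lifetime_days) for cookies that outlive max_days."""
    cookies = [parse_record(r) for r in records]
    return [(c["domain"], c["name"], c["lifetime_days"])
            for c in cookies if c["lifetime_days"] > max_days]


if __name__ == "__main__":
    for domain, name, days in long_lived(SLIDE_RECORDS):
        print(f"{domain}: cookie {name!r} persists for {days} days")
```

Both identifiers outlive a one-year threshold: 1095 days for doubleclick.net and 7327 days for sun.com.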
29
Firefox Cookie Settings
30
Add N Edit Cookies
Cookie Editor that allows you to add and edit "session" and saved cookies.
31
Add N Edit Cookies
32
Add N Edit Cookies
33
34
Design Principles
Know your audience
Think like your audience
Eliminate clutter
Eliminate complexity
Create just enough feedback
Be a customer advocate when usability and competitive pressure collide
35
36
Cookie Culler
Extended Cookie Manager--protect/unprotect selected cookies
37
Cookie Culler
38
Cookie Button in the Status Bar
Button for easy access to cookie permissions in the status bar. For those who have been asking for cookie button in the status bar.
39
Cookie Button in the Status Bar
40
Cookie Button in the Status Bar
41
Distrust
Hide surfing trails that the browser leaves behind. AKA Private Browsing. Once turned on, this extension monitors Firefox for its activities. Once turned off, Distrust will remove history items, cache and cookies that were used during the Distrust session.
42
Distrust
43
Distrust
44
X Paranoia
Adds a paranoia button to the toolbar (clear your history, saved form information, passwords, download history, cookies, and/or cache with as little as two clicks).
45
X Paranoia
46
Design Principles
Know your audience
Think like your audience
Eliminate clutter
Eliminate complexity
Create just enough feedback
Be a customer advocate when usability and competitive pressure collide
47
Bibliography
1. Petname Firefox Extension (https://addons.mozilla.org/extensions/moreinfo.php?id=957&application=firefox)
2. Firefox Extensions (https://addons.mozilla.org/extensions/?application=firefox)
3. Firefox (http://www.mozilla.com/firefox/)