1 / 47

Secure Interaction Design

Secure Interaction Design. Kami Vaniea. Overview. Designing secure interfaces Design principles Firefox extensions Cookies Phishing Tracking. Overview. Designing secure interfaces Design principles Firefox extensions Petname Add N Edit Cookies Cookie Culler Cookie Button Distrust

nikki
Download Presentation

Secure Interaction Design

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Interaction Design Kami Vaniea

  2. Overview • Designing secure interfaces • Design principles • Firefox extensions • Cookies • Phishing • Tracking

  3. Overview • Designing secure interfaces • Design principles • Firefox extensions • Petname • Add N Edit Cookies • Cookie Culler • Cookie Button • Distrust • X Paranoia

  4. Secure Interaction Design • Designing a computer system to protect the interests of its legitimate user

  5. Problems • Viruses • Spyware • Phishing • Online tracking • Unintentional disclosure of information

  6. Mental Models • For software to protect its users interests, its behavior should be consistent with the user’s expectations. What the user thinks is happening What is really happening What is shown in the interface

  7. Designation vs. Admonition • Security by designation • When a user designates an action, take appropriate security related actions • Double clicking a Word document • Security by admonition • Provide notifications that the user looks at and takes appropriate action from • Display a warning when the user tries to do something dangerous

  8. Design Principles • Know your audience • Think like your audience • Eliminate clutter • Eliminate complexity • Create just enough feedback • Be a customer advocate when usability and competitive pressure collide

  9. Know Your Audience • Who are they? • What skills do they have? • If you don’t know who they are you can’t think like them • If your product doesn’t match your audience then it will not do as well as it could have

  10. Think Like Your Audience • Present your design to other people to get feedback • Think of a representative of your audience and design for them • Could my mother use this?

  11. Eliminate Clutter • Think about the tasks the user needs to perform • If a word or button is not necessary to those tasks then remove it

  12. Eliminate Complexity • Again what are the tasks the user needs to perform • Dose your design allow them to complete these tasks in the simplest manner • Design for the common tasks, don’t sacrifice usability of common tasks for usability of rare or unlikely tasks

  13. Create Just Enough Feedback • Users just want it to work • If it can be done safely without their involvement do it • They want to be reassured it is working in unobtrusive ways

  14. Be a Customer Advocate When Usability and Competitive Pressure Collide • Its your job to make sure that customers don’t suffer from poor design • Be willing to compromise with developers if it gets a better interface

  15. Questions

  16. Overview • Designing secure interfaces • Design principles • Firefox extensions • Petname • Add N Edit Cookies • Cookie Culler • Cookie Button • Distrust • X Paranoia

  17. Firefox • A free web browser • “Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy.“3 • www.getfirefox.com

  18. Firefox Extensions • “Extensions are small add-ons that add new functionality to Firefox. They can add anything from a toolbar button to a completely new feature. They allow the application to be customized to fit the personal needs of each user if they need additional features, while keeping Firefox small to download. “2

  19. Firefox Extensions

  20. Firefox Extensions

  21. Anti-Paranoia • Takes all your doubts and gives you confidence. Especially if you are working on security, you might get the feeling that your part of something really big and maybe even evil.How can your extension help me? It will pop up calmative messages for you to feel relaxed while browsing the web.No, this extension will not spy and destroy your personal data, remember: Everything is good!

  22. Petname • “Need help avoiding phishing and spoofing attacks? The petname tool can help you avoid online fraud by clearly distinguishing your online relationships.Using the petname tool, you can save a reminder note about a relationship you have with a secure site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.”1

  23. Petname

  24. Petname

  25. Petname

  26. Cookies • A cookie is a small file downloaded by your web browser that is used to identify you to a website.

  27. Cookie Examples • Doubleclick.com • id80000060da01136doubleclick.net/102432379712029957155287164811229736878* • Sun • SUN_ID128.2.141.103:49701134167353sun.com/153624479276803122654586416876829752592*

  28. Cookies • Convenient • Automatic login • Personalization • Session information • Not so Good • Usage tracking • Targeted ads • Unwanted logins

  29. Firefox Cookie Settings

  30. Add N Edit Cookies • Cookie Editor that allows you add and edit "session" and saved cookies.

  31. Add N Edit Cookies

  32. Add N Edit Cookies

  33. Design Principles • Know your audience • Think like your audience • Eliminate clutter • Eliminate complexity • Create just enough feedback • Be a customer advocate when usability and competitive pressure collide

  34. Cookie Culler • Extended Cookie Manager--protect/unprotect selected cookies

  35. Cookie Culler

  36. Cookie Button in the Status Bar • Button for easy access to cookie permissions in the status bar. For those who have been asking for cookie button in the status bar.

  37. Cookie Button in the Status Bar

  38. Cookie Button in the Status Bar

  39. Distrust • Hide surfing trails that the browser leaves behind.AKA Private Browsing.Once turned on this extension monitors FireFox for its activities.Once turned off Distrust will remove history items cache and cookies that were used during the distrust session.

  40. Distrust

  41. Distrust

  42. X Paranoia • Adds a paranoia button to the toolbar (clear your history, saved form information, passwords, download history, cookies, and/or cache with as little as two clicks).

  43. X Paranoia

  44. Design Principles • Know your audience • Think like your audience • Eliminate clutter • Eliminate complexity • Create just enough feedback • Be a customer advocate when usability and competitive pressure collide

  45. Bibliography • Petname Firefox Extension: https://addons.mozilla.org/extensions/moreinfo.php?id=957&application=firefox • Firefox Extensions (https://addons.mozilla.org/extensions/?application=firefox) • Firefox (http://www.mozilla.com/firefox/)

More Related