On providing systematized access to consolidated principles, guidelines and patterns for usable security research and development†-Reference-Cited by-同舟云学术

On providing systematized access to consolidated principles, guidelines and patterns for usable security research and development†

Published:2019-01-01 Issue:1 Volume:5 Page:
ISSN:2057-2085
Container-title:Journal of Cybersecurity
language:en
Short-container-title:

Author:

Gorski Peter L¹^ORCID,von Zezschwitz Emanuel²³,Lo Iacono Luigi¹^ORCID,Smith Matthew²³

Affiliation:

1. Data & Application Security Group, Faculty of Information, Media and Electrical Engineering, TH Köln – University of Applied Sciences, Cologne, Germany

2. Institute of Computer Science 4, University of Bonn, Germany

3. Fraunhofer FKIE, Germany

Abstract

Abstract We present a systematization of usable security principles, guidelines and patterns to facilitate the transfer of existing knowledge to researchers and practitioners. Based on a literature review, we extracted 23 principles, 11 guidelines and 47 patterns for usable security and identified their interconnection. The results indicate that current research tends to focus on only a subset of important principles. The fact that some principles are not yet addressed by any design patterns suggests that further work on refining these patterns is needed. We developed an online repository, which stores the harmonized principles, guidelines and patterns. The tool enables users to search for relevant guidance and explore it in an interactive and programmatic manner. We argue that both the insights presented in this article and the web-based repository will be highly valuable for students to get a good overview, practitioners to implement usable security and researchers to identify areas of future research.

Funder

German Federal Ministry for Economic Affairs and Energy

German Federal Ministry of Education and Research

Ministry of Culture and Science of the German State of North Rhine-Westphalia

Publisher

Oxford University Press (OUP)

Subject

Law,Computer Networks and Communications,Political Science and International Relations,Safety, Risk, Reliability and Quality,Social Psychology,Computer Science (miscellaneous)

Link

http://academic.oup.com/cybersecurity/article-pdf/5/1/tyz014/31572414/tyz014.pdf

Reference68 articles.

1. Users are not the enemy;Adams;Commun ACM,1999

2. What Usable Security Really Means: Trusting and Engaging Users

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Harnessing Web Accessibility Tools for WCAG 2.1 Migration of a Design System;2023 International Conference on Computing, Networking, Telecommunications & Engineering Sciences Applications (CoNTESA);2023-12-14

2. "Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

3. Eight Lightweight Usable Security Principles for Developers;IEEE Security & Privacy;2023-01