User Interaction Design for Secure Systems

Following up on my previous post about Secure Interaction Design, I found Ka-Ping Yee's paper on User Interaction Design for Secure Systems worth the read.

The security of any computer system that is confgured or operated by human beings critically depends on the information conveyed by the user interface, the decisions of the users, and the interpretation of their actions. This paper establishes some starting points for reasoning about security from a user-centred point of view: it proposes to model systems in terms of actors and actions, and introduces the concept of the subjective actor-ability state.

If you are interested in understanding this model of thinking as it relates to the user experience in secure systems, it is well worth your time to check this out.

Happy reading.