Secure Interaction Design
Kami Vaniea
1
Overview

Designing secure interfaces
- Design principles
Firefox extensions
- Cookies
- Phishing
- Tracking
2
Overview

Designing secure interfaces
- Design principles
Firefox extensions
- Petname
- Add N Edit Cookies
- Cookie Culler
- Cookie Button
- Distrust
- X Paranoia
3
Secure Interaction Design

Designing a computer system to protect
the interests of its legitimate user
4
Problems

- Viruses
- Spyware
- Phishing
- Online tracking
- Unintentional disclosure of information
5
Mental Models

For software to protect its users’ interests, its behavior should be consistent with the user’s expectations.

[Figure: three views that must stay consistent: what the user thinks is happening, what is really happening, and what is shown in the interface]
6
Designation vs. Admonition

Security by designation
- When a user designates an action, take the appropriate security-related actions
- e.g. double-clicking a Word document

Security by admonition
- Provide notifications that the user looks at and then acts on appropriately
- e.g. display a warning when the user tries to do something dangerous
7
Design Principles
- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide
8
Know Your Audience
- Who are they?
- What skills do they have?
- If you don’t know who they are, you can’t think like them
- If your product doesn’t match your audience, it will not do as well as it could have
9
Think Like Your Audience
- Present your design to other people to get feedback
- Think of a representative of your audience and design for them
- Could my mother use this?
10
Eliminate Clutter
- Think about the tasks the user needs to perform
- If a word or button is not necessary to those tasks, remove it
11
Eliminate Complexity
- Again, what are the tasks the user needs to perform?
- Does your design allow them to complete these tasks in the simplest manner?
- Design for the common tasks; don’t sacrifice usability of common tasks for usability of rare or unlikely tasks
12
Create Just Enough Feedback
- Users just want it to work
- If it can be done safely without their involvement, do it
- They want to be reassured that it is working, in unobtrusive ways
13
Be a Customer Advocate When Usability and Competitive Pressure Collide

- It’s your job to make sure that customers don’t suffer from poor design
- Be willing to compromise with developers if it gets a better interface
14
Questions
15
Overview

Designing secure interfaces
- Design principles
Firefox extensions
- Petname
- Add N Edit Cookies
- Cookie Culler
- Cookie Button
- Distrust
- X Paranoia
16
Firefox

A free web browser
- “Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy.” [3]
- www.getfirefox.com
17
Firefox Extensions

“Extensions are small add-ons that add new functionality to Firefox. They can add anything from a toolbar button to a completely new feature. They allow the application to be customized to fit the personal needs of each user if they need additional features, while keeping Firefox small to download.” [2]
18
Firefox Extensions
19
Firefox Extensions
20
Anti-Paranoia

Takes all your doubts and gives you confidence. Especially if you are working on security, you might get the feeling that you’re part of something really big and maybe even evil.
How can your extension help me? It will pop up calmative messages for you to feel relaxed while browsing the web.
No, this extension will not spy on and destroy your personal data. Remember: Everything is good!
21
Petname

“Need help avoiding phishing and spoofing attacks? The petname tool can help you avoid online fraud by clearly distinguishing your online relationships.
Using the petname tool, you can save a reminder note about a relationship you have with a secure site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.” [1]
22
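The Petname check described above, as an added example (not the extension's own code): a small store that binds the user's reminder note to the scheme, host and certificate fingerprint of a secure site, then reports what the indicator would show on later visits. The status names, URLs and fingerprints are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Indicator states the toolbar could map to (constructed for this example).
UNKNOWN, INSECURE, TRUSTED, CHANGED = "unknown", "insecure", "trusted", "changed"


@dataclass
class PetnameStore:
    # host -> (certificate fingerprint seen when the note was saved, reminder note)
    notes: dict = field(default_factory=dict)

    @staticmethod
    def identity(url):
        """Reduce a URL to the parts a petname is bound to: scheme and host.
        Path, query and any user@ prefix are ignored, so they cannot spoof a note."""
        parts = urlsplit(url)
        return parts.scheme.lower(), (parts.hostname or "").lower()

    def remember(self, url, fingerprint, note):
        """Save the user's reminder note for a secure site (the designation step)."""
        scheme, host = self.identity(url)
        if scheme != "https":
            raise ValueError("petnames are only saved for secure (https) sites")
        self.notes[host] = (fingerprint, note)

    def lookup(self, url, fingerprint):
        """What the indicator shows after following a hyperlink to `url`."""
        scheme, host = self.identity(url)
        if scheme != "https":
            return INSECURE, None          # no secure identity, nothing to match
        if host not in self.notes:
            return UNKNOWN, None           # lookalike or new site: note is absent
        saved_fp, note = self.notes[host]
        if fingerprint != saved_fp:
            return CHANGED, note           # same name, different certificate
        return TRUSTED, note


def demo():
    """Walk through the slide's scenario with constructed URLs and fingerprints."""
    store = PetnameStore()
    bank_fp = "sha1:placeholder-bank-cert"          # constructed, not a real fingerprint
    store.remember("https://bank.example/login", bank_fp, "my bank")
    return [
        store.lookup("https://BANK.example/accounts?id=1", bank_fp),   # same site
        store.lookup("https://bank-example.com/login", bank_fp),       # lookalike name
        store.lookup("https://bank.example@other.example/", bank_fp),  # host hidden in userinfo
        store.lookup("http://bank.example/login", bank_fp),            # not a secure site
        store.lookup("https://bank.example/login", "sha1:other-cert"), # certificate changed
    ]
```

Only the first visit gets the expected note; the others show no note or a changed-certificate state, which is exactly the check the user is asked to make after following a hyperlink.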
Petname
23
Petname
24
Petname
25
Cookies

A cookie is a small file downloaded by your web browser that is used to identify you to a website.
26
Cookie Examples

Doubleclick.com
- id80000060da01136doubleclick.net/102432379712029957155287164811229736878*

Sun
- SUN_ID128.2.141.103:49701134167353sun.com/153624479276803122654586416876829752592*
27
Cookies

Convenient
- Automatic login
- Personalization
- Session information

Not so Good
- Usage tracking
- Targeted ads
- Unwanted logins
28
Firefox Cookie Settings
29
Add N Edit Cookies

Cookie editor that allows you to add and edit "session" and saved cookies.
30
Add N Edit Cookies
31
Add N Edit Cookies
32
33
Design Principles
- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide
34
35
Cookie Culler

Extended Cookie Manager: protect/unprotect selected cookies.
36
Cookie Culler
37
Cookie Button in the Status Bar

Button for easy access to cookie permissions in the status bar, for those who have been asking for a cookie button in the status bar.
38
Cookie Button in the Status Bar
39
Cookie Button in the Status Bar
40
Distrust

Hide surfing trails that the browser leaves behind (AKA private browsing).
Once turned on, this extension monitors Firefox for its activities.
Once turned off, Distrust will remove history items, cache and cookies that were used during the Distrust session.
41
Distrust
42
Distrust
43
X Paranoia

Adds a paranoia button to the toolbar (clear your history, saved form information, passwords, download history, cookies, and/or cache with as little as two clicks).
44
X Paranoia
45
Design Principles
- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide
46
Bibliography

1. Petname Firefox Extension: https://addons.mozilla.org/extensions/moreinfo.php?id=957&application=firefox
2. Firefox Extensions: https://addons.mozilla.org/extensions/?application=firefox
3. Firefox: http://www.mozilla.com/firefox/
47