Evaluating Security Tools towards Usable Security

Abstract

The main success of the internet is its openness. To guarantee security in the internet - for example to protect the user’s privacy or the security of online transactions - the use of security tools is essential. Because today’s internet users cover almost all educational levels and professional groups, we assume that they will be mostly security novices. Unfortunately, the usage of today’s security tools is mostly too complex and incomprehensible, thus opening security leaks caused by incorrect usage. In order to identify security leaks arising from the user interface, an objective measure for the usability of security tools is necessary. At present, such a measure does not exist. This paper develops such a measure for the usability of security tools. We propose problem categories for errors in security tools. Based on this categorization, we propose a taxonomy for the usability of security functions. Applying this taxonomy, security functions may be ranked according to the user’s ability to avoid self-induced, security-critical user errors. Additionally, the taxonomy may explain possible causes of errors, introducing design alternatives to avoid these errors.