Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

2 University of Ontario Institute of Technology. Oshawa.Canada.3 Instituto Tecnológico de León. León Guanajuato, México.

Ricardo Mendoza González 1, Jaime Muñoz Arteaga 1, Francisco J. Álvarez 1, Miguel Vargas Martin 2, Alberto Ochoa 3

1 Universidad Autónoma de Aguascalientes. Aguascalientes, México.

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

Introduction

• A well-designed user interface is critical if the adequate use, and the effectiveness of security features, depend on it.

• Many criteria are available to facilitate the design of a user interface, like the new HCI-S or Security Human Computer Interaction.

• Similar approaches for notification have emerged recently, such as the use of sonification alerts.

• We present a guide to design an adequate security information feedback, applying the HCI-S criteria to establish the visual notifications, and complementing it with auditive alerts to achieve a better feedback.

Slide 1 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

• “The part of a user interface which is responsible for establishing the common ground between a user and the security features of a system. HCI-S is human computer interaction applied in the area of computer security” (see Johnston et al. [1]).

• 6 design criteria was proposed by Johnston in [1]: 1. Visibility of system status: The interface must inform

the user about the internal state of the system.2. Aesthetic and minimalist design: Only relevant security

information should be displayed. The user must not be saturated with information and options.

3. Satisfaction: The security activities must be easy to realize and understand.

A general view of the HCI-S criteria

Slide 2 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

4. Convey features: The interface needs to convey the available security features to the user clearly and appropriately; a good way to do it is by using figures or pictures.

5. Learnability: The interface needs to be as non-threatening and easy to learn as possible; it may be accomplished using real-world metaphors, or pictures of keys and padlocks.

6. Trust: It is essential for the user to trust the system. This is particularly important in a security environment. The successful application of the previous criteria should typically result in a trusted environment.

A general view of the HCI-S criteria

Slide 3 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

Problem outline

Slide 4 of 11

• A usable interface is critical if the adequate use and the effectiveness of security features depend of it.

• The security features of a specific on-line system must be shown in an easy to understand manner.

• It is well known, that an adequate feedback reduces the possibility that the final users ignores some security notification or other information related with the internal state of the system.

• The design guidelines are oriented towards the design of a usable security information feedback, easy to understand and interpret by users with different experience and backgrounds (experts, advanced, and beginners).

• The proposed design guidelines may complement previous efforts by including sonification and the new HCI-S criteria.

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

A Guide to Design Information Security Feedback

Slide 5 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

A Guide to Design Information Security Feedback

Slide 6 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

A simple example

Slide 8 of 11

For this example, we consider the prototype sonification of threatsproposed by Garcia-Ruiz et al. [2]; the prototype establishes a relationship between a potential threat and a specific animal sound effect.

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

A simple example

Slide 9 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

Related work

Slide 10 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

Concluding remarks and future work

• With the proposed design guide is possible to achieve an appropriate feedback through the elements of the interface by means of visual and auditive notifications about information related with the security and the internal state of a particular on-line system.

• In the same way, the guidelines are oriented to generate interfaces easy to understand and interpret by users with different experience and backgrounds (experts, advanced, and beginners).

• There are several aspects to explore as future work, like increasing the number of elements of the classification, and improving the classification, to be a component of a formal specification for the feedback of security information design.

Slide 11 of 11

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

1. Jonston, J., Eloff, J., Labuschagne, L.: Security and human computer interfaces. Computers & Security Vol. 22, Elsevier Ltd, No 8 0167-4048/03 (2003) 675-684

2. García-Ruiz, M., Vargas Martin, M., Kapralos, B.: Towards Multimodal Interfaces for Intrusion Detection. Audio Engineering Society: Pro Audio Expo and Convention. Vienna, Austria (2007)

3. Rode, J., Johansson, C., DiGioia, P., Silva Filho, R., Nies, K., Nguyen, D. H., Ren, J., Dourish, P., Redmiles, D.: Seeing Further: Extending Visualization as a Basis for Usable Security. Symposium on Usable Privacy and Security (SOUPS). Pittsburgh, PA, Julio 12-14, (2006)

4. Yurcik, W., Barlow, J., Lakkaraju, K., Haberman, M.: Two Visual Computer Network Security Monitoring Tools Incorporating Operator Interface Requirements. Workshop on Human-Computer Interaction and Security Systems part of CHI 2003. Fort Lauderdale, Florida, April 5-10, (2003)

References

Integration of Auditive and Visual Feedback in the Design of Interfaces for

Security Applications. CLIHC 2007 September 10–11 Rio de Janeiro Brazil

5. Cranor Faith, L.: Designing a Privacy Preference Specification Interface: A Case Study. Workshop on Human-Computer Interaction and Security Systems part of CHI 2003. Fort Lauderdale, Florida, April 5-10, (2003)

6. Ka-Ping, Y.: Secure Interaction Design and the Principle of Least Authority. Workshop on Human-Computer Interaction and Security Systems part of CHI 2003. Fort Lauderdale, Florida, April 5-10, (2003).

7. McCrickard, S., Czerwinski, M., Bartramc, L.: Introduction: design and evaluation of notification user interfaces. International Journal of Human Computer Studies No 58, Elsevier Science Ltd, (2003) 509-514.

8. Mendoza, R., Muñoz, J., Álvarez, F., Vargas Martin, M.: Monitoreo del Desempeño de los Factores de Seguridad de una Transacción Web a través de la Interfaz de Usuario. VI Jornada Iberoamericana de Ingeniería de Software Ingeniería del Conocimiento JIISIC, Lima, Perú, (2007) 275-282

References