Webinos D2.8: Update On User Expectations For Security And Privacy

Webinos Consortium
2011 Zenodo  
This document describes the output of deliverable 2.8: Updates to user expectations of privacy and security. As a continuation of deliverable 2.7, several significant contributions are made. First, the key issues from related work packages that this deliverable needs to address are introduced, together with a state of the art review on risk analysis, misuse cases and HCI-Security and design. Second, based on this review, 12 misuse cases are presented. Each misuse case contextualises a risk,
more » ... h is itself constructed from threats and vulnerabilities that are specific to particular webinos environments; these environments are modelled using UML-based asset diagrams and are based on key webinos architectural and application environments. For each misuse case, we proposed recommendations for dealing with each related risk. Third, we describe qualitative research carried out to identify factors that impact the elicitation, categorisation, and grouping of security and privacy policy concepts in multiple contexts. This research involved carrying out focus groups where recruited participants carried out a n affinity diagramming exercise corresponding to the development of a context-sensitive security policy. The participants were recruited based on their similarity to one of three selected personas elicited in deliverable 2.7. In total, 3 focus groups of 3-4 participants were carried out for each of the three selected persona. A report was written for each focus group and, based on a qualitative data analysis of each report, summarised results and recommendations for webinos were proposed. Fourth, based on issues identified during both the focus groups and other webinos activities, personal and design issues likely to impact the usability of webinos for selected personas were identified. These issues were illustrated with misusability cases describing how the webinos design leads to usability issues inadvertently causing security problems. Based on 5 selected personas, 5 misusability cases were identified. Based on [...]
doi:10.5281/zenodo.1154318 fatcat:nrrr5o6txzdnxp7vkdtpdakjpm