experience design framework for securing large scale information and communication systems
DESCRIPTION
* Paper presented at the Design Research Society Conference 2014 at Umeå, Sweden. It proposes a framework for UX design regarding security and privacy of Information and Communication Systems (ICSs).

Abstract

Securing Information and Communication Systems (ICSs) is a highly complex process due in large part to the feedback relationship that holds between the users and the system and its 'ecosystem' of usage. Such a relationship is critical for experience designers. The design of secure systems can thereby be enhanced by using principles from disciplines where similar relations hold, such as security engineering and adaptive systems. In this work, we propose a user experience design framework based on six principles and use a social networking system as an example of its application. The proposed design principles are grounded in complex systems theory. We address several potential security and privacy challenges inherent in the design of a large-scale adaptive system. By means of this framework we reflect upon the participation of an experience designer regarding the conceptualization, selection, review, and update of security and privacy matters. In this sense, we observe the role of the designer as a translator across disciplines. By introducing our framework, we also attempt to start a conversation about the challenges a designer faces in the appropriation of this role, either for the case of securing large-scale systems or in those situations where the boundaries of design and knowledge from other disciplines already overlap.

TRANSCRIPT
Azadeh Nematzadeh
Omar Sosa-Tzec
School of Informatics and Computing, Indiana University
Design Research Society Conference 2014
June 16, 2014. Umeå, Sweden
Experience Design Framework for Securing Large Scale Information and Communication Systems
1. Security and Privacy Concerns
2. Information and Communication Systems (ICSs) Concerns
3. Complex Systems and ICSs
4. Security and Privacy Framework
5. Implications
6. Conclusions
agenda
1. Security and Privacy Concerns
As designers, what and how do we think about security and privacy of Information and Communication Systems?
People have different privacy and security concerns
Picture source: http://bit.ly/1xFLspW
responsibility on the users’ hands
between public and private
Unknown and unpredictable security and privacy threats and failures
2. ICSs concerns
Heterogeneity of users
Image by the authors
diverse people: a “world” using ICSs
ICSs entail multiple use scenarios
same system, different use
different security and privacy scenarios
Use scenarios change over time
Information and Communication Systems also change
3. Complex Systems and ICSs
Picture source: http://karaaustin.blogspot.com/
complex systems
Picture source: http://tinyurl.com/k76185y Picture source: http://bit.ly/SDVhE9 Picture source: http://dailym.ai/IUNYDM
Aspects of security and privacy in ICSs show the characteristics of complex systems
Picture source: http://bit.ly/1oWmXiy
evolution
Picture source: http://bit.ly/1qBWKXJ
As complex systems, ICSs entail user-system coevolution
Image by the authors
ICS, Time, User
User-System Coevolution
4. Security and Privacy Framework
Complex System
Heterogeneity of users
User's privacy and security concerns and behaviors
Multiple use scenarios
Evolvable use scenarios
Evolution on ICT infrastructure
security and privacy challenges for experience design
Avoid Unintentional Disclosure
Security and Privacy Matters
Expandability
Personalization
Adaptability
Usability
Image by the authors
framework
security and privacy matters
Image by the authors
* Discussion
* Reflection
* Interaction flows
* Possible security and privacy mechanisms
* Taking into account dynamic behavior
* How to mitigate future attacks
* Think about possible system failures
* Generalities of the users
* Context of use
* Technological aspects
Security and Privacy Specialist
Experience Designer
User
personalization
Image by the authors
Users: group 1
Users: group n-1
Users: group n
Large-Scale ICS
Privacy and Security Mechanisms
Sensitive Parameters
Facebook images from author's profile
personalization
adaptability, expandability and usability
Image by the authors
User
tn, tn+1
User's attributes
Interaction with the system
User's attributes
ICS
Facebook images from author's profile
adaptability, expandability and usability
Facebook images from author's profile
unintentional disclosure
5. Implications
ICS + Time + User
what is the meaning of this relation?
The experience designer as translator and communicator of knowledge
ICS
Time
User
Experience Designer
Security and Privacy Specialist
Client and Stakeholders
User-System Coevolution
Design Process
ICSs entail a challenge for both design practice and design pedagogy
6. Conclusions
We proposed an experience design framework constituted by six security and privacy principles
Security and Privacy Matters
Personalization
Adaptability
Expandability
Usability
Avoid Unintentional Disclosure
Complex Systems
Heterogeneity of Users
Multiple and Evolvable Use Scenarios
User-System Coevolution
Security and Privacy
Experience Design
Our attempt is to open a conversation about security and privacy, and also about the implications of user-system coevolution in ICSs for experience design.
mypage.iu.edu/~azadnema/
tzec.com/
Paper available at: http://goo.gl/qZ7qsA
Thank you!
Questions?