Modul Benutzbare Sicherheit
Description of the Module
In this module, participants learn the ability to critically consider the "human" factor when designing safe systems. In particular, an understanding of the requirements of such systems with regard to their security but also their usability is created. The students are taught the basics of usable security (basic terms, security mechanisms, threat models). They acquire in-depth methodological knowledge that enables them to evaluate concepts and systems in terms of security and usability. Based on the theoretical foundation and methodological knowledge, the ability to design and practically implement secure and usable systems is acquired in the practical part of the module.
Content
Technology cannot be the sole solution to IT security challenges. Today, we are able to create mechanisms that are currently unbreakable. Nevertheless, security is still an unsolved problem in many areas because many of the systems and mechanisms we have developed are not usable. As a result, people voluntarily or involuntarily find ways to defeat such mechanisms.
Human factors play a central role in IT security. Therefore, it is important for usable security professionals to develop an understanding of how humans interact with the systems we develop. This module introduces participants to a variety of usability and privacy challenges in secure systems. It provides the theoretical, methodological, and practical foundations for designing secure and usable systems.
Courses
Safe Human-Machine Interfaces - The lecture provides basic knowledge for the conception, design and evaluation of usable and at the same time safe human-machine interfaces. For this purpose, the first part deals with human information processing (physiological and psychological foundations, models, action processes) as well as the technical realization of user interfaces (input and output devices, interaction styles) and presents user-oriented design processes, guidelines and standards for usability and safety. The second part is dedicated to the evaluation and assessment of human-machine interfaces with respect to different criteria. This requires a broad knowledge in research methodology. Therefore, different study types (e.g., descriptive studies, relational studies, experimental studies), study paradigms (including ethnography, laboratory studies, field studies, deployments), and data collection methods (e.g., questionnaires, interviews, observations, experience sampling, and crowdsourcing) are covered.
Usable Security – This course provides an overview of challenges regarding the usability of secure and usable systems. Students will learn about different security mechanisms and mental models of users. They will also get an introduction to threat modeling and an overview of relevant research methods. The course is intended for students who are interested in security and privacy and want to learn more about usability, as well as students who are interested in usability but want to learn more about security and privacy.
Designing Secure and Usable Systems – The goal of this lab is to learn user-centered techniques for conceptualizing, designing, and implementing safe and usable systems. Participants in this course will receive a detailed introduction to the user-centered design process. Novel concepts will be developed in small groups. Selected concepts are then prototyped and tested for safety and usability using user studies.