Post on 19-Jan-2015
description
Azadeh NematzadehOmar Sosa-TzecSchool of Informatics and Computing Indiana University
Design Research Society Conference 2014June 16, 2014. Umeå, Sweden
Experience Design Framework for Securing Large Scale Information and Communication Systems
1. Security and Privacy Concerns
2. Information and Communication Systems (ICSs) Concerns
3. Complex Systems and ICSs
4. Security and Privacy Framework
5. Implications
6. Conclusions
agenda
1 . Security and Privacy Concerns
As designers, what and howdo we think about
security and privacyof Information and
Communication Systems?
People have di!ferent privacy and security concerns
Picture source: http://bit.ly/1xFLspW
responsibility on the users’ hands
between public and private
Unknown and unpredictable security and privacy threats and failures
2. ICSs concerns
Heterogeneity of users
Image by the authors
u
u
u
u
u
u
u
u
uu
u
u
u
u
u
u
u
u
u
u
u
u
u
diverse people: a “world” using icss
ICSs entailmultiple use scenarios
same system, different use
different security and privacy scenarios
Use scenarios change over time
Information and Communication Systems also change
3. Complex Systems and ICSs
Picture source: http://karaaustin.blogspot.com/
complex systems
Picture source: http://tinyurl.com/k76185y Picture source: http://bit.ly/SDVhE9 Picture source: http://dailym.ai/IUNYDM
Aspects of security and privacy in ICSs show the characteristics of
complex systems
Picture source: http://bit.ly/1oWmXiy
evolution
Picture source: http://bit.ly/1qBWKXJ
As complex systems, ICSs entail user-system coevolution
Image by the authors
ICSTimeUser
User-System Coevolution
4. Security and Privacy Framework
Complex System
Heterogeneity of users
User's privacy and security concerns and behaviors
Multiple use scenarios
Evolvable use scenarios
Evolution on ICT infrastructure
security and privacy challenges for experience design
AvoidUnintentional
Disclosure
Securityand Privacy
Matters
Expandability
Personalization
AdaptabilityUsability
Image by the authors
framework
security and privacy matters
Image by the authors
* Discussion* Re!lection
* Interaction !lows
* Possible security and privacy mechanisms
* Taking into account dynamic behavior
* How to mitigate future attacks* Think about possible system failures
* Generalities of the users* Context of use* Technological aspects
Security and Privacy
Specialist
ExperienceDesigner
User
personalization
Image by the authors
Users: group 1 Users: group n-1
Large-Scale ICS
Privacy and Security Mechanisms
Users: group n
SensitiveParameters
SensitiveParameters
SensitiveParameters
Facebook images from author's profile
personalization
adaptability, expandability and usability
Image by the authors
User
tn t n+1User's attributes
Interaction withthe system
User's attributes
ICS
Facebook images from author's profile
adaptability, expandability and usability
Facebook images from author's profile
unintentional disclosure
5. Implications
ICSTimeUser
+ +
what is the meaning of this relation?
The experience designer as translator and communicator
of knowledge
ICS
TimeUser
ExperienceDesigner
Securityand Privacy Specialist
Client andStakeholders
User-System Coevolution
Design Process
ICSs entail a challenge forboth design practice
and design pedagogy
6. Conclusions
We proposed an experience design framework constituted
by six security and privacy principles
Security and Privacy MattersPersonalization
AdaptabilityExpandability
UsabilityAvoid Unintentional Disclosure
Complex SystemsHeterogeneity of Users
Multiple and Evolvable Use ScenariosUser-System Coevolution
Security and PrivacyExperience Design
Our attempt is to open a conversation about security
and privacy, and also about the implications of user-system
coevolution in ICSs for experience design.
azadnema@indiana.eduhttp://mypage.iu.edu/~azadnema/
omarsosa@indiana.eduhttp://tzec.com/
Paper available at:http://goo.gl/qZ7qsA
Thank you!
Questions?