Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Experience Design Framework for securing Large Scale Information and Communication Systems


Published on

* Paper presented at the Design Research Society Conference 2014 at Umeå, Sweden. It proposes a framework for UX design regarding security and privacy of Information and Communication Systems (ICSs)

---- Abstract -----
Securing Information and Communication Systems (ICSs) is a highly complex process due in large part to the feedback relationship that holds between the users and the system and its 'ecosystem' of usage. Such a relationship is critical for experience designers. The design of secure systems can thereby be enhanced by using principles from disciplines where similar relations hold, such as security engineering and adaptive systems. In this work, we propose a user experience design framework based on six principles and use a social networking system as an example of its application. The proposed design principles are grounded in complex systems theory. We address several potential security and privacy challenges inherent in the design of a large-scale adaptive system. By means of this framework we reflect upon the participation of an experience designer regarding the conceptualization, selection, review, and update of security and privacy matters. In this sense, we observe the role of the designer as a translator across disciplines. By introducing our framework, we also attempt to start a conversation about the challenges a designer faces in the appropriation of this role, either for the case of securing large-scale systems or in those situations where the boundaries of design and knowledge from other disciplines already overlap.

Published in: Design, Technology
  • Be the first to comment

  • Be the first to like this

Experience Design Framework for securing Large Scale Information and Communication Systems

  1. 1. Azadeh Nematzadeh Omar Sosa-Tzec School of Informatics and Computing Indiana University Design Research Society Conference 2014 June 16, 2014. Umeå, Sweden ExperienceDesignFrameworkfor SecuringLargeScaleInformationand CommunicationSystems
  2. 2. 1. SecurityandPrivacyConcerns 2. InformationandCommunicationSystems (ICSs) Concerns 3. ComplexSystemsandICSs 4. SecurityandPrivacyFramework 5. Implications 6. Conclusions agenda
  3. 3. 1.SecurityandPrivacyConcerns
  4. 4. Asdesigners,whatandhow dowethinkabout securityandprivacy ofInformationand CommunicationSystems?
  5. 5. People have different privacy and security concerns
  6. 6. Picturesource: responsibility on the users’ hands
  7. 7. between public and private
  8. 8. Unknown and unpredictable security and privacy threats and failures
  9. 9. 2.ICSsconcerns
  10. 10. Heterogeneity of users
  11. 11. Imagebytheauthors u u u u u u u u uu u u u u u u u u u u u u u diverse people: a “world” using icss
  12. 12. ICSs entail multiple use scenarios
  13. 13. same system, different use
  14. 14. different security and privacy scenarios
  15. 15. Use scenarios change over time
  16. 16. Information and Communication Systems also change
  17. 17. Picturesource:
  18. 18. 3.ComplexSystemsandICSs
  19. 19. Picturesource: complex systems Picturesource: Picturesource: Picturesource:
  20. 20. Aspects of security and privacy in ICSs show the characteristics of complex systems
  21. 21. Picturesource: self-organization
  22. 22. Picturesource: emergence
  23. 23. Picturesource: evolution Picturesource:
  24. 24. Picturesource: coevolution
  25. 25. As complex systems,ICSs entail user-system coevolution
  26. 26. Imagebytheauthors ICSTime User User-System Coevolution
  27. 27. 4.SecurityandPrivacyFramework
  28. 28. Complex System Heterogeneity of users User's privacy and security concerns and behaviors Multiple use scenarios Evolvable use scenarios Evolution on ICT infrastructure security and privacy challenges for experience design
  29. 29. Avoid Unintentional Disclosure Security and Privacy Matters Expandability Personalization AdaptabilityUsability Imagebytheauthors framework
  30. 30. security and privacy matters Imagebytheauthors *Discussion *Reflection *Interaction flows *Possible security and privacy mechanisms *Taking into account dynamic behavior *How to mitigate future attacks *Think about possible system failures *Generalities of the users *Context of use *Technological aspects Security and Privacy Specialist Experience Designer User
  31. 31. personalization Imagebytheauthors Users: group 1 Users: group n-1 Large-ScaleICS PrivacyandSecurityMechanisms Users: group n Sensitive Parameters Sensitive Parameters Sensitive Parameters
  32. 32. Facebookimagesfromauthor'sprofile personalization
  33. 33. adaptability, expandability and usability Imagebytheauthors User t n t n+1User's attributes Interaction with the system User's attributes ICS
  34. 34. Facebookimagesfromauthor'sprofile adaptability, expandability and usability
  35. 35. Facebookimagesfromauthor'sprofile unintentional disclosure
  36. 36. 5.Implications
  37. 37. ICSTime User + + what is the meaning of this relation?
  38. 38. The experience designer as translator and communicator of knowledge
  39. 39. ICS Time User Experience Designer Security and Privacy Specialist Client and Stakeholders User-SystemCoevolution DesignProcess
  40. 40. ICSs entail a challenge for both design practice and design pedagogy
  41. 41. 6.Conclusions
  42. 42. We proposed an experience design framework constituted by six security and privacy principles
  43. 43. Security and Privacy Matters Personalization Adaptability Expandability Usability Avoid Unintentional Disclosure
  44. 44. Complex Systems Heterogeneity of Users Multiple and Evolvable Use Scenarios User-System Coevolution Security and Privacy Experience Design
  45. 45. Our attempt is to open a conversation about security and privacy,and also about the implications of user-system coevolution in ICSs for experience design.
  46. 46. Paper available at: Thankyou! Questions?