In CASA we study the intersection of computer security and privacy with human factors. Especially writing secure software that is also usable is a huge challenge for many software developers. In the past, software vulnerabilities or bad user interface design and interaction choices were often caused by single developers or small groups of them but impacted millions of users with serious consequences to the users’ data security or privacy. Deploying more systems with software that is more secure and more security software with better usability will result in the increased effort required to attack these systems making mass attacks harder for large scale attackers. The project adresses Research Challenge 10 „Engineers and Usability“ of CASA which focuses on methods that will enable us to improve the usability of security and privacy mechanisms for engineers such as cryptographers, software developers, but also system administrators.

Project Goals:

We address four objectives that make a major contribution to the goals of CASA and future software security: 

• Gain detailed insights into professional software development teams and their development practices for security measures. Based on this, identify interventions that can shift developers ‘hearts’ and ‘minds’ in favour of security and usability.
• Gain in-depth knowledge on how security software providers design and implement user interfaces and interactions for their software. Understand the decision-making processes and identify intervention points.
• Long-term transformation of professional habits by a commitment towards continuous improvement and the habit of ‘evaluation and reflection’ cycles. Encourage software developers to identify security and usability skill gaps and offer training and tools.
• Develop a set of usability knowledge and security application examples that can be introduced as part of the reflections cycles in the development process.