Goals of This Book

In 1975, Jerome Saltzer and Michael Schroeder^[2] identified psychological acceptability as one of the eight key principles for building secure systems. In 1983, Donald Norman^[3] noted that many user errors resulting in data loss are often the result, in part, of poor interface design. "People will make errors, so make the system insensitive to them," he wrote. Instead of simply requiring confirmation of irreversible actionsconfirmations that themselves become automaticNorman argued that systems should be designed so that their actions are both visible and undoable.

^[2] J. Saltzer and M. Schroeder, "The Protection of Information in Computer Systems," Proceedings of the IEEE 63:9 (1975), 12781308.

^[3] Donald A. Norman, "Design Rules Based on Analyses of Human Error," Communications of the ACM 26:4, 254258.

While there is much agreement among security practitioners that we need to find ways of designing secure systems that people can use, there is less agreement about how to reach this goal. In this book, we have brought together chapters that discuss case studies of usable secure system design along with the latest thinking about how to approach this problem. While we can't offer you a step-by-step foolproof approach to usable secure system design, we hope this book will inform future design efforts and give developers important insights that will lead to successful designs.