Usable Security: Socio-technical Aspects of Information Security

General information

Type of lecture: Integrated Lecture / 4 CP / 3 SWS
Lecturer: Prof. Dr. Melanie Volkamer
Dr. Steffen Bartsch
Paul Gerber (research group Arbeits- und Ingenieurpsychologie, funded through zQSL funds)
Place / Time: S202/C120 / Wednesday 8:00 - 9:30
S202/C120 / Friday 8:00 - 9:30
(see schedule in internal area)
Requirements: Trusted Systems / HCI
Exam form: oral
Frequency: every summer semester


When humans use security mechanisms in information systems incorrectly – e.g., choose insecure passwords – the security of the system breaks down. Effective security thus particularly requires the affected people to have the expertise and the motivation to use the mechanism correctly. This course should provide the competencies to develop and evaluate effectively secure systems.

  1. Foundations of information security in HCI
  2. Foundations of psychology and further social factors (trust, legal aspects) for effectively secure systems
  3. Problems with the effective security of common security mechanisms (passwords, permissions) and how to address these
  4. Problems with the effective security in common application areas (e.g., Web, social networks, eVoting) and how to address these
  5. Methods for the development of practically secure information systems
  6. Methods for the empirical evaluation of the effectiveness of the security of systems


  • Development of practically secure information systems. 
  • Evaluation of the effectiveness of the security of information systems. 
  • Handling of interdisciplinary topics in computer science (with a focus on information security)


This is the main literature used throughout the lecture. However, in some lectures explicit reference will also be made to other literature.

  • Adams, Sasse: Users are not the enemy, Commun. ACM, 1999
  • Herley: So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users, NSPW '09, 2010
  • Cranor, Garfinkel: Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005
  • Shostack, Stewart: The New School of Information Security, Addison-Wesley, 2008
  • Sarodnick, Brau: Methoden der Usability Evaluation: Wissenschaftliche Grundlagen und praktische Anwendung, Huber 2011
  • Lazar, Heidi, Hochheiser: Research Methods in Human-Computer Interaction, Wiley 2009
  • Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI) and the Symposium On Usable Privacy and Security (SOUPS)

Internal area for literature, slides, and exercises

The password-protected area can be reached here. Access credentials will be announced at the first lecture.
