Currently, many powerful applications designed to combat social deviations are available, like the web-filtering systems, which measure the content of a website before submitting it to the user, notifying whether the content of the website presents (or not) information related to pornography, violence, racism, among others, and prompting the user to not accessing the site, or even blocking access to the website. Nevertheless, frequently the feedback of these systems is not well-designed, which may confuse users and lead to mistakes, disappointments, and misunderstandings. In order to reduce this concern, a method is provided to developers with guidance in designing usable security notifications to be incorporated in web-filtering systems. The method is structured through a library of user interface design patterns which integrates essential concepts of security and usability. The authors show the effectiveness of the patterns by using an illustrative example as a proof-of-concept together with a preliminary study.
TopIntroduction
In this chapter we present a non-exhaustive collection of design patterns intended to facilitate the way some security aspects (notifications) are conveyed to the end user through the UI (User Interface). The design solutions offered by the patterns proposed allow achieving an appropriate security feedback, which could be used by most of the web-filtering systems available.
In the same way, web-filtering systems can be used by users with different experience; therefore the notifications showed by these systems must meet the basic requirements of usability and universal design. The security feedback designed with the proposed patterns, could make possible the correct interpretation about security feedback (related to the content of a particular website) showed by web-filtering systems, regardless of the users experience and backgrounds (experts, advanced, and beginners).
We believe that the implementation of the proposed patterns allows incorporating easily the offered solutions into the design process, generating positive results throughout the development cycle. See Figure 1.
Figure 1. Implementation of the proposed patterns through the development life cycle
Additionally, Figure 1 refers to a theoretical contribution which consists in incorporating the end user into the design/improvement process of the security feedback, by means of measuring methods for obtaining the user's perception about the usability of a given UI, cf. (Mendoza, 2009 b; 2009 c; Muñoz, 2008).
We also consider the combination of visual and auditive notifications to enhance the comprehension of the security feedback designed by means of the proposed patterns. For which we create a basic model to exemplify the presentation of information security feedback to the user when a non-appropriate content is detected in a web-site. Our model is divided into three basic stages (see Figure 2): First, an additional notification form is triggered to notify user about content filtering issues, we suggest sonification because audio may be more disruptive than an image, but visual notifications can be possibly augmented with any other kind of feedback. Then, the visual feedback is effectively designed based on the design patterns that are explicitly based on HCISEC criteria. Finally, the feedback with options and suggestions is constructed and showed.
Figure 2. The suggested three steps for feedback showing
The principal objectives of this chapter are presented following:
- •
To reduce the risk of accidental pornography views by children while they use internet (doing homework, sending e-mails, etc.).
- •
To provide a starting point for developers to create adequate security information feedback used by web-filtering systems.
- •
To reduce the propagation of websites with content related to social deviations, by means of an appropriate security feedback for web-filtering systems.
- •
To promote the inclusion of additional feedback to reinforce the visual notifications to improve users’ perception to security alerts.
- •
To complement previous efforts to find equilibrium between usability and security for interactive web applications.