This paper aims to present concrete and verified guidelines for enhancing the usability and security of software that delegates security decisions to lay users and captures these user decisions as a security policy.
This work is an exploratory study. The authors hypothesised that existing tools for runtime set‐up of security policies are not sufficient. As this proved true, as shown in earlier work, they apply usability engineering with user studies to advance the state‐of‐the‐art.
Little effort has been spent on how security policies can be set up by the lay users for whom they are intended. This work identifies what users want and need for a successful runtime set‐up of security policies.
Concrete and verified guidelines are provided for designers who are faced with the task of delegating security decisions to lay users.
The devised guidelines focus specifically on the set‐up of runtime security policies and therefore on the design of alert windows.
