Portfolio > Chameleon

A desktop security interface

Click above to see a slideshow with 3 larger images.

This research was included as a chapter in a recently published book:

A. Chris Long and Courtney Moskowitz. "Simple Desktop Security With Chameleon." Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Associates, 2005.


Working with A. Chris Long, a post-doctoral researcher at Carnegie Mellon University, I prototyped and tested an experimental desktop computer security system called Chameleon.

For the majority of computer users, existing security in the form of separate file permissions is not useful because most people rarely bother to set these permissions. To minimize the damage that a virus or other malicious program can cause, we explored a security system designed to fit the way people work more closely, making it more likely to be used.

My role

I developed, user-tested, and iterated an interface prototype from low fidelity paper prototypes through a high-fidelity Visual Basic prototype.


Chameleon works by separating your files and applications into multiple areas that are isolated from one another. The areas are known as "roles" because they are divided up based on the type of things you are most likely to be doing while in each one.

During the low fidelity stage, I constructed paper prototypes. Later, I was responsible for developing the high fidelity Visual Basic prototype of a computer desktop, with functioning models of basic applications (email, text editor, web browser, music player, and a working file system).

At both stages, I designed and carried out user studies with the prototypes. These were think-aloud user studies with 2 rounds of 6 to 8 participants each. I analyzed results to find breakdowns and delivered a set of recommendations based on the data.