Abstract
The balance between security and usability must be addressed as early as possible in the Software Development Life Cycle (SDLC) to ensure the inclusion of usable-security in software products. Unfortunately, there has been little research on assessing and integrating security, usability, and usable-security during the requirements engineering phase of the SDLC. To address that deficiency, this paper proposes an Assessment Framework for Usable-Security (AFUS) based on two well-known techniques from the decision science field.
© 2014 Springer International Publishing Switzerland
Cite this paper
Hausawi, Y.M., Allen, W.H. (2014). An Assessment Framework for Usable-Security Based on Decision Science. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_4
DOI: https://doi.org/10.1007/978-3-319-07620-1_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1