Usable-Security Evaluation

  • Yasser M. Hausawi
  • William H. Allen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)

Abstract

Developing software products that align security and usability, so that the two form a synergistic relationship, is an engineering process that starts in the first phase of the Software Development Life-Cycle (SDLC) and continues through the remaining phases: design, construction, and testing. However, a summative evaluation of such a process must be done after the software product is completely developed, with careful attention to measuring the alignment between security and usability (i.e., usable-security) and to integrating that alignment properly within the SDLC. Therefore, this paper proposes a usable-security measuring matrix that provides a summative evaluation of the whole process of applying usable-security to software products.

Keywords

Security; Usability; Human computer interaction; HCI; HCI-SEC; Usable security; Quality attributes evaluation

Notes

Acknowledgment

The authors would like to thank the Institute of Public Administration (IPA) in Saudi Arabia for their support of this work.


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Institute of Public Administration, Jeddah, Saudi Arabia
  2. Florida Institute of Technology, Melbourne, USA
