DOI: 10.1145/2638404.2638483
Research article

Usability and security trade-off: a design guideline

Published: 28 March 2014

Abstract

Requirements engineering and design are the first two phases of the Software Development Life-Cycle. Considerable research has addressed the requirements phase and a number of well-regarded tools exist to assist with that process. The design phase can also make use of a wide range of tools, including design principles, activities, best practices, techniques, and patterns, to improve the incorporation of requirements into the software design documents. However, the process of selecting the appropriate design tools to support each requirement is a complex task that requires considerable training and experience. It is also possible that design tools selected for different requirements can conflict with each other, reducing their effectiveness, increasing complexity, impacting usability or potentially causing security vulnerabilities. In this paper, we propose guidelines for selecting appropriate design tools to support the integration of usability and security requirements in the software design phase and to resolve conflicts between those tools. We demonstrate this approach with a case study that illustrates the design tool selection and analysis process.


Cited By

  • (2019) Programmer eXperience: A Systematic Literature Review. IEEE Access, 7, 71079-71094. DOI: 10.1109/ACCESS.2019.2920124. Online publication date: 2019.
  • (2017) Design process for usable security and authentication using a user-centered approach. Proceedings of the XVIII International Conference on Human Computer Interaction, 1-8. DOI: 10.1145/3123818.3123838. Online publication date: 25 September 2017.

Published In

ACMSE '14: Proceedings of the 2014 ACM Southeast Conference
March 2014
265 pages
ISBN:9781450329231
DOI:10.1145/2638404
  • Conference Chair: Ken Hoganson
  • Program Chair: Selena He

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. best practices
  2. patterns
  3. security
  4. software design
  5. usability
  6. usable-security


Conference

ACM SE '14: ACM Southeast Regional Conference 2014
March 28 - 29, 2014
Kennesaw, Georgia

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%


Article Metrics

  • Downloads (last 12 months): 14
  • Downloads (last 6 weeks): 2
Reflects downloads up to 12 Dec 2024
