nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Interdependencies, Conflicts and Trade-Offs Between Security and Usability: Why and How Should We Engineer Them?

verfasst von : Bilal Naqvi, Ahmed Seffah

Erschienen in: HCI for Cybersecurity, Privacy and Trust

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Security and usability are considered as conflicting goals. Despite the recognition that security and usability conflicts pose a serious challenge to achieve effective security, the review of the state of art identifies many gaps in today’s practices including, (1) failure of security specialists to address usability, as perceived and defined by the human computer interaction (HCI) community, (2) industry’s behavior is being more driven by bug fixing, rather than trying to examine and consider the context and the human experiences in which the bugs occurs, and (3) the lack of HCI skills required for conducting effective user studies. Furthermore, analysis of the existing literature identifies different perceptions concerning the relationship between security and usability. Some researchers have identified existence of trade-offs when it comes to the security and usability conflicts, however, others refer to the trade-offs as mere myths. A four staged process oriented framework to address the security and usability conflict is presented in this paper. The framework governs aspects from identification of the conflicts to elicitation of suitable trade-offs. To support re-use, the outcomes of employing the framework are documented in form of design patterns. A template to standardize documentation of the patterns is also presented along with one example of the usable security patterns.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Behind the Façade

Nächstes Kapitel Informing Hybrid System Design in Cyber Security Incident Response

ISO 25010, Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models (2011)

Password Guidance: Simplifying Your Approach. The National Cyber Security Centre. https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

Naqvi, B., Seffah, A.: A methodology for aligning usability and security in systems and services. In: International Conference on Information System Engineering (ICISE), pp. 61–66. IEEE (2018)

Dhillon, G., Oliveira, T., Susarapu, S., Caldeira, M.: Deciding between information security and usability: developing value based objectives. Comput. Hum. Behav. 61, 656–666 (2016)CrossRef

Garg, H., Choudhury, T., Kumar, P., Sabitha, S.: Comparison between significance of usability and security in HCI. In: 2017 3rd International Conference on Computational Intelligence Communication Technology (CICT), pp. 1–4 (2017)

Kulyk, O., Neumann, S., Budurushi, J., Volkamer, M.: Nothing comes for free: how much usability can you sacrifice for security? IEEE Secur. Priv. 15, 24–29 (2017)CrossRef

Bai, W., Kim, D., Namara, M., Qian, Y., Kelley, P.G., Mazurek, M.L.: Balancing security and usability in encrypted email. IEEE Internet Comput. 21, 30–38 (2017)CrossRef

Sasse, M.A., Smith, M., Herley, C., Lipford, H., Vaniea, K.: Debunking security–usability tradeo myths. IEEE Secur. Priv. 14(5), 33–39 (2016)

Cranor, L.F., Buchler, N.: Better together: usability and security go hand in hand. IEEE Secur. Priv. 12, 89–93 (2014)CrossRef

10.

Hof, H.-J.: User-centric IT security-how to design usable security mechanisms. In: 5th International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services (CENTRIC), pp. 7–12 (2012)

11.

Sahar, F.: Tradeoffs between usability and security. Int. J. Eng. Tech. 5, 434–437 (2013)CrossRef

12.

Fahl, S.: Confidentiality as a service—usable security for the cloud. In: 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 153–162 (2012)

13.

Mairiza D., Zowghi, D.: An ontological framework to manage the relative conflicts between security and usability requirements. In: 3rd International Workshop on Managing Requirements Knowledge (MARK), pp. 1–6 (2010)

14.

Hausawi, Y.M., Allen, W.H.: An assessment framework for usable-security based on decision science. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 33–44. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_4CrossRef

15.

National Institute of Standards and Technology. NISTIR 8080 Usability and Security Considerations for Public Safety Mobile Authentication (2016)

16.

IBM: Cost of Data Breach Study: Global Analysis by Ponemon Institute LLC, Sponsored by IBM (2016)

17.

Whitten, A., Tygar, J.D.: Usability of security: A case study. School of Computing Science, Carnegie Mellon University. Rep. Technical Report CMU-CS-98-155 (1998)

18.

Imperva: Application Defense Center: Consumer Password Worst Practices. http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf

19.

Ben-Asher, N., Kirschnick, N., Sieger, H., Meyer, J., Ben-Oved, A., Möller, S.: On the need for different security methods on mobile phones. In: Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services, pp. 465–473 (2011)

20.

Glass, B.D., Jenkinson, G., Liu, Y., Sasse, M.A., Stajano, F., Spencer, M.: The usability canary in the security coal mine: a cognitive framework for evaluation and design of usable authentication solutions. In: Internet Society. Wiley (2003). https://www.wiley.com/en-ad/Multiple+User+Interfaces:+Cross+Platform+Applications+and+Context+Aware+Interfaces-p-9780470854440

21.

Seffah, A., Javahery, H.: Multiple User Interfaces: Cross-Platform Applications and Context-Aware Interfaces. Wiley (2014)

22.

Garfinkel, S., Lipford, H.R.: Usable security, history, themes and challenges. Morgan and Claypool Publishers, San Juan (2014)CrossRef

Titel: Interdependencies, Conflicts and Trade-Offs Between Security and Usability: Why and How Should We Engineer Them?
verfasst von: Bilal Naqvi
Ahmed Seffah
Verlag: Springer International Publishing
Buch: HCI for Cybersecurity, Privacy and Trust
Print ISBN: 978-3-030-22350-2

Electronic ISBN: 978-3-030-22351-9

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-22351-9_21

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"