
On using the Task Models for Validation and Evolution of Usable Security Design Patterns

  • Conference paper
Human Aspects of Information Security and Assurance (HAISA 2023)

Abstract

Security and usability are two interrelated characteristics. Managing the instances where security and usability are in conflict is often a tough task, which is reliant on the skills of the developers and designers. The paper attempts to support developers and designers in managing these conflicts by proposing a task model-based approach that enables them to make informed choices concerning the management of the conflicts in the products they develop, thereby enabling them (1) to validate the efficacy of the design patterns before applying them, and (2) to identify limitations in the existing design patterns and propose their evolution. The paper also presents the findings from a case study where an existing usable security pattern was subjected to the proposed task model-based approach.



Corresponding author

Correspondence to Bilal Naqvi.


Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper


Cite this paper

Martinie, C., Naqvi, B. (2023). On using the Task Models for Validation and Evolution of Usable Security Design Patterns. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_32


  • DOI: https://doi.org/10.1007/978-3-031-38530-8_32


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38529-2

  • Online ISBN: 978-3-031-38530-8

  • eBook Packages: Computer Science, Computer Science (R0)
