DOI: 10.1145/2786805.2803195 (ACM conference proceedings, FSE; short paper)

User-centric security: optimization of the security-usability trade-off

Published: 30 August 2015

Abstract

Security and usability are highly important and interdependent quality attributes of modern IT systems. However, it is often hard to fully meet both in practice. Security measures are complex by nature and often complicate workflows; conversely, insecure systems are typically not usable in practice. To tackle this, we aim to find the best balance between usability and security in software engineering and administration. Our methodology is based on the active involvement of large user groups and analyzes user feedback in order to optimize security mechanisms with respect to their user experience, with a focus on security awareness. It is applied during requirements elicitation and prototyping, and to dynamically adapt unsuited security policies at runtime.


Cited By

  • (2024) A Systematic Approach to Measure Usability and Security Trade-off. 2024 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), pp. 1-4, 10.1109/HORA61326.2024.10550727. Online publication date: 23 May 2024
  • (2020) Exploring the Meaning of "Usable Security". Human Aspects of Information Security and Assurance, pp. 247-258, 10.1007/978-3-030-57404-8_19. Online publication date: 21 Aug 2020
  • (2018) Software development challenges with air-gap isolation. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 815-820, 10.1145/3236024.3275526. Online publication date: 26 Oct 2018

Published In

ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering
August 2015, 1068 pages
ISBN: 9781450336758
DOI: 10.1145/2786805
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  • Measurement
  • Security
  • Security-Awareness
  • Usability

Qualifiers

  • Short-paper

Conference

ESEC/FSE'15

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Cited By (continued)

  • (2018) Game theoretical analysis of usable security and privacy. SECURITY AND PRIVACY, 10.1002/spy2.554:5. Online publication date: 14 Dec 2018
  • (2017) A User-Centered Model for Usable Security and Privacy. Human Aspects of Information Security, Privacy and Trust, pp. 74-89, 10.1007/978-3-319-58460-7_6. Online publication date: 13 May 2017
