An Assessment Framework for Usable-Security Based on Decision Science

  • Yasser M. Hausawi
  • William H. Allen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)


The balance between security and usability must be addressed as early as possible in the Software Development Life Cycle (SDLC) to ensure the inclusion of usable-security in software products. Unfortunately, there has been little research on assessing and integrating security, usability, and usable-security during the requirements engineering phase of the SDLC. To address that deficiency, this paper proposes an Assessment Framework for Usable-Security (AFUS) based on two well-known techniques from the decision science field.


Keywords: Security; Usability; Human Computer Interaction (HCI); HCI-SEC; Usable-Security; Quality Attributes; Assessment; Decision Science



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yasser M. Hausawi (1)
  • William H. Allen (1)

  1. Department of Computer Sciences, Florida Institute of Technology, Melbourne, USA
