Usable-security evaluation by Yasser M.






















To keep the evaluation consistent, all the attributes and their properties are evaluated according to Table 2 after their measurements have been processed according to Table 1. Systems can only be considered effective if their users are able to achieve their goal of operating such systems. The effectiveness property can be measured based on a goal-centered view by counting the number of successful tasks that legitimate users perform [12]. For example, a software system is effective if it allows users to successfully create their passwords, log in using their previously created passwords, or provide their biometric traits.

Efficient systems must complete a specific task or process to reach a particular goal within an acceptable amount of time. The efficiency property is important because neither vendors nor users will rely on a system that takes too long to perform a specific task, for instance authentication. The measurement used to evaluate efficiency is the amount of time consumed to achieve a particular goal or to complete a particular task.

Evaluating the above standard usability properties leads to an overall usability evaluation through summing the evaluations of the three properties (effectiveness, efficiency, and user satisfaction) as in Eq. Confidentiality is a goal of all secure systems. Confidentiality is defined as the ability to grant access only to authorized users.

Integrity means that for the authorized users, the system does not allow them to perform tasks in an improper way, and protects the data from any unauthorized alteration. As having usable-security evaluation for software systems is the goal of this paper, the integrity property must be correctly applied to make such systems secure. This property is achieved by enabling systems to create auto-backup and auto-check using proper techniques and tools like hashing, the process of comparing backup files with the same files on the system.

Equation 7 depicts the integrity calculation on software systems, where n represents the total number of selected files for hashing and IN1 represents the integrity evaluation result. It is measured based upon the number of successful service or data access requests a system receives. Evaluating the above standard security properties leads to an overall security evaluation through summing the evaluations of the three properties (confidentiality, integrity, and availability) divided by 3.

Based on the previous section, a usable-security evaluation matrix can be constructed and used as guidance to achieve the overall goal of this paper, which is the evaluation and enhancement of software systems so that they are both more usable and secure enough, see Fig.

The matrix shown in Fig. The results are then used in Eq. Overall, a numerical categorization is given to each perfection level as follows: high usable-security is categorized as 9, mostly usable-security is categorized as 7, usable-security is categorized as 6, some usable-security is categorized as 3, and not usable-security is categorized as 1.

Figure 3 presents the final usable-security evaluation and categorization guidance. For the security values, we used one value mostly secure: 0. As the assumed security value is considered as the security level that can be achieved when the NIST SP Series is used as a foundation security policy [24].

Therefore, we used a unified security value for all the thirty scenarios of the CBAA as mostly secure: 0. Figure 4 displays the two sets of the scenarios.

Adams, A. Alkussayer, A. In: Park, J. ISA CCIS, vol. Atallah, M. ACM. Benson, G. Bevan, N. Cranor, L. IEEE Secur. DeWitt, A. Interactions 13(3), 41-44. Ferre, X. Folmer, E. Garfinkel, S. Hamilton, S. MIS Q. Hausawi, Y.

In: Tryfonas, T. HAS LNCS, vol. Springer, Heidelberg. In: Stephanidis, C. Kainda, R. Kim, H. In: Jacko, J. Kirakowski, J. Mayron, L. Pfleeger, C. Simpson, S. Tullis, T. Whitten, A. Good, M. Gutmann, P.

Yasser M. Hausawi, William H. Allen.

The papers thoroughly cover the entire field of Human-Computer Interaction, addressing major advances in knowledge and effective use of computers in a variety of application areas.

The 62 papers presented in the HAS proceedings are organized in topical sections as follows: authentication, cybersecurity, privacy, security, and user behavior, security in social media and smart technologies, and security technologies.

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability.

It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't.

Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Authentication Mechanisms--techniques for identifying and authenticating computer users. Secure Systems--how system software can deliver or destroy a secure user experience. Privacy and Anonymity Systems--methods for allowing people to control the release of personal information. Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors e.

The Classics--groundbreaking papers that sparked the field of security and usability. This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. This book represents the proceedings from the event, which was held in Crete, Greece. A total of 19 reviewed papers are included, spanning a range of topics including the communication of risks to end-users, user-centred security in system development, and technology impacts upon personal privacy.

All of the papers were subject to double-blind peer review, with each being reviewed by at least two members of the international programme committee. The 24 revised full papers and 19 short papers presented were carefully selected from submissions. The papers provide the latest results in research and development in the field of information security and applied cryptology.

The 12 papers included in this volume were carefully reviewed and selected from numerous submissions. They show advances in the field of HCI dealing with topics such as wearables, user experience and wellbeing at work, security, usability, user experience and reliability in user-centered development processes.

If there is any one element to the engineering of service systems that is unique, it is the extent to which the suitability of the system for human use, human service, and excellent human experience has been and must always be considered.

An exploration of this emerging area of research and practice, Advances in the Human Side of Service Engineering covers a broad spectrum of ergonomics and human factors issues highlighting the design of contemporary service systems. The 31 revised full papers presented were carefully reviewed and selected from 83 submissions.

There are few more important areas of current research than this, and here, Springer has published a double helping of the latest work in the field. Topics covered include payment systems and authentication. Usability has become increasingly important as an essential part of the design and development of software and systems for all sectors of society, business, industry, government and education, as well as a topic of research.

Today, we can safely say that, in many parts of the world, information technology and communications is or is becoming a central force in revolutionising the way that we all live and how our societies function. IFIP's mission states clearly that it "encourages and assists in the development, exploitation and application of information technology for the benefit of all people".

The question that must be considered now is how much attention has been given to the usability of the IT-based systems that we use in our work and daily lives. There is much evidence to indicate that the real interests and needs of people have not yet been embraced in a substantial way by IT decision makers and when developing and implementing the IT systems that shape our lives, both as private individuals and at work.

But some headway has been made.


