Computing Reviews
Finding and resolving security misusability with misusability cases
Faily S., Fléchais I. Requirements Engineering 21(2): 209-223, 2016. Type: Article
Date Reviewed: Jul 21 2016

Scenarios are used in both security design and usability design, but these two do not necessarily overlap. Usability design scenarios are concerned more with the personal and occupational goals of legitimate system users. Security scenarios tend to focus on vectors of attack--intentional illegitimate usage of the system. To the extent that security design factors in usability, it is often focused on the usability of security controls, and not the interaction between security and usability concerns per se.

Misusability cases are scenarios that describe how design assumptions and decisions may lead to inadvertent misuse of a system by legitimate users. Examples of this include exploitation of vulnerabilities to achieve user goals, or inadvertent violation of security protocols due to gaps in system security requirements.

The authors present an approach for finding and mitigating security misusability in a system. This includes an initial assessment of related work in user-centered security and design. Following this is a description of the overall approach to eliciting misusability cases, modeling these cases, and investigating and applying the results of this analysis. Finally, a case study is presented, including discussion of the benefits realized by applying the proposed approach.

In a world where system security is increasingly of paramount concern, this approach will be of value to a broad audience, including developers, security professionals, usability engineers, and requirements engineers.

Reviewer: Nathan Carlson
Review #: CR144611 (1610-0763)
Design Tools and Techniques (D.2.2)
Elicitation Methods (D.2.1 ...)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®