Title :
Eliciting usable security requirements with misusability cases
Author :
Faily, Shamal ; Fléchais, Ivan
Author_Institution :
Dept. of Comput. Sci., Univ. of Oxford, Oxford, UK
fDate :
Aug. 29 2011-Sept. 2 2011
Abstract :
Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. We present Mis-usability Cases: scenarios which describe how design decisions may lead to usability problems subsequently leading to system misuse. We describe the steps carried out to develop and apply misusability cases to elicit requirements and report preliminary results applying this technique in a recent case study.
Keywords :
formal specification; human computer interaction; security of data; misusability case; production tasks; usability problems; usable security requirement; Computer science; Context; Libraries; Security; Software engineering; Systematics; Usability; Goals; Misuse Cases; Obstacles; Personas; Scenarios;
Conference_Titel :
Requirements Engineering Conference (RE), 2011 19th IEEE International
Conference_Location :
Trento
Print_ISBN :
978-1-4577-0921-0
Electronic_ISBN :
1090-705X
DOI :
10.1109/RE.2011.6051665
