 |
| Usability and Security concepts combined |
The human pilot locked the door after the commander left the cockpit for an urgent need. The door cannot be opened by any human from outside the cockpit. Unfortunately, we all know how this story ends. What went wrong? The engineering and management of the security system did not take into account the human experiences and factors, in this story the pilot, the commander and the cabin crew. Similarly Jade from Montreal, traveling to Istanbul via Paris airport, had gone to the ATM to withdraw money. She inserted her credit card and punched her code several times. Then she waited for the cash but to her surprise, there was neither the money nor the receipt nor the card, only a frustrating message “you can request your card from your bank”, meaning in Quebec, not at the Charles de Gaulle Airport.
These stories highlighted the importance of the interplay and the required trade-off between security and human factors. Control access security systems, like the cockpit door or the ATM, have to implement the security policies. They have to be usable, accessible and they should not have any impact on the privacy and safety of humans. Certainly, the commander needs a more usable security, or the credit card problems should not occur. But who are the humans and organizations responsible for such disasters when they happened? Privacy and accountability are also human quality factors awaiting for further considerations.
ISO Standards such 25000 and 27000 both list usability and security as two quality attributes for software-intensive systems. The neglected concern is the intimate relationship between usability/quality in use and security. Maintaining an acceptable compromise between usability and security needs first to avoid the current security and software engineering practices suggesting that usability and security can be treated by two different teams. The first team is the Human Computer Interaction (HCI). Their role is to ensure that an acceptable level of usability and a variety of user experiences are supported. The second team is the software and the security engineering developers. Their role is to ensure that the system is secure while available and confidential with the system-held information.
The goal of our research at Lappeenranta University of Technology is to develop a new generation of methods and tools to designing, engineering and testing software-intensive product, service and systems that are usable yet secure, safe and economically valuable. The practical outcomes include standardization recommendations for identifying and modeling the intimate relationships between usability and security characteristics, and their integration into the development of a large variety of security systems and services. Fundamental research agenda includes the development and validation of concepts, metrics, patterns, methods and tools all embedded into an integrative human-centric framework. The framework should also supports the experiences security policy makers and usability experts, as they are humans too and responsible for engineering the right security and ensuring that the usability is right.
Did you find this research proposal interesting? Please contact Prof. Ahmed Seffah, ahmed.seffah@lut.fi
ISO Standards such 25000 and 27000 both list usability and security as two quality attributes for software-intensive systems. The neglected concern is the intimate relationship between usability/quality in use and security. Maintaining an acceptable compromise between usability and security needs first to avoid the current security and software engineering practices suggesting that usability and security can be treated by two different teams. The first team is the Human Computer Interaction (HCI). Their role is to ensure that an acceptable level of usability and a variety of user experiences are supported. The second team is the software and the security engineering developers. Their role is to ensure that the system is secure while available and confidential with the system-held information.
The goal of our research at Lappeenranta University of Technology is to develop a new generation of methods and tools to designing, engineering and testing software-intensive product, service and systems that are usable yet secure, safe and economically valuable. The practical outcomes include standardization recommendations for identifying and modeling the intimate relationships between usability and security characteristics, and their integration into the development of a large variety of security systems and services. Fundamental research agenda includes the development and validation of concepts, metrics, patterns, methods and tools all embedded into an integrative human-centric framework. The framework should also supports the experiences security policy makers and usability experts, as they are humans too and responsible for engineering the right security and ensuring that the usability is right.
Did you find this research proposal interesting? Please contact Prof. Ahmed Seffah, ahmed.seffah@lut.fi
Ei kommentteja:
Lähetä kommentti
Huomaa: vain tämän blogin jäsen voi lisätä kommentin.