Journal article

Finding and resolving security misusability with misusability cases

Abstract:: Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems.

Publication status:: Published

Peer review status:: Peer reviewed

Actions

Email

Email this record

Send the bibliographic details of this record to your email address.

Your Email
Please enter the email address that the record information will be sent to.

-
Your message (optional)
Please add any additional information to be included within the email.
Share
Cite

Cite this record

APA Style

Faily, S., & Fléchais, I. (2014). Finding and resolving security misusability with misusability cases. Requirements Engineering, 21(2), 209–223.

MLA Style

Faily, S, and I Fléchais. “Finding and Resolving Security Misusability with Misusability Cases.” Requirements Engineering, vol. 21, no. 2, 2014, pp. 209–23.

Chicago Style

Faily, S, and I Fléchais. 2014. “Finding and Resolving Security Misusability with Misusability Cases.” Requirements Engineering 21 (2): 209–23.
Print

Access Document

Files:: 10.1007%2Fs00766-014-0217-8.pdf

(Preview, Version of record, pdf, 1.4MB, Terms of use)

Publisher copy:: 10.1007/s00766-014-0217-8

Authors

+ Faily, S More by this author

Role:: Author

+ Fléchais, I More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Role:: Author

Publisher:: Springer London
Journal:: Requirements Engineering More from this journal
Volume:: 21
Issue:: 2
Pages:: 209–223
Publication date:: 2014-12-02
Acceptance date:: 2014-11-25
DOI:: 10.1007/s00766-014-0217-8
EISSN:: 1432-010X
ISSN:: 0947-3602

Keywords:: SBTMR
Pubs id:: pubs:501155
UUID:: uuid:ec1232f1-5ec7-490a-95d5-c539d7ce74cb
Local pid:: pubs:501155
Source identifiers:: 501155
Deposit date:: 2016-05-19
ARK identifier:: ark:/29072/ora_ec1232f15ec7490a95d5c539d7ce74cb

Terms of use

Copyright holder:: Shamal Faily and Ivan Fléchais
Copyright date:: 2014
Notes:: This article is distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits any use, distribution, and reproduction in any medium, provided the original author(s) and the source are credited.

Licence:: CC Attribution (CC BY)

Views and Downloads

About views and downloads

If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP