Towards a Usable-Security Engineering Framework for Enhancing Software Development
Hausawi, Yasser M.
MetadataShow full item record
Computer systems are fundamental tools for almost every single process in life. People from all over the globe use computer systems for an unlimited number of purposes. Consequently, a close relationship between people and computer systems exists. Current research investigates how people and such systems to interact with each other in a proper manner. The research work on this matter is being conducted in different directions; one direction is investigating people’s behaviors toward computer systems, such as the cognitive and mental state of humans when interacting with computer systems; another direction studies the computer system’s behaviors toward people, such as studying the systems’ quality attributes and enhancing them during the Software Development Life-Cycle (SDLC) phases; moreover, a third hybrid research area takes a bidirectional approach by examining both people and computer systems. Examples of this hybrid approach are Human-Computer Interaction (HCI), and Human Computer Interaction and Security (HCI-SEC). Our research project applies the hybrid bidirectional research path of the HCI and the HCI-SEC through investigating two software quality attributes, security and usability, from the human-centered perspectives during three phases of the SDLC, which are requirements, design, and evaluation (testing). The work focuses on assessing, balancing, measuring, and evaluating the two quality attributes and the relationship between them, namely: usable-security. Towards achieving our goal, we have proposed and designed the Usable-Security Engineering Framework (USEF) for enhancing software development processes when aligning and balancing security and usability is an issue. The framework has three components, each component addresses one of the three previously mentioned phases of the Software Development Life-Cycle (SDLC). The first component is an Assessment Framework for Usable-Security (AFUS) based on decision science during the requirements engineering phase. The second component is a set of usable-security guidelines applied during the design phase. The third component is a usable-security measuring matrix applied during the evaluation phase. The three components are related to one another and work together as one solution that enhances the process of integrating security and usability during software development; however, each component can work independently from the other components.