Conservation of Limited Resources: Design Principles for Security and Usability on Mobile Devices

Mobile devices have evolved from an accessory to the primary computing device for an increasing portion of the general population. Not only is mobile the primary device, consumers on average have multiple Internet-connected devices. The trend towards mobile has resulted in a shift to “mobile-first” strategies for delivering information and services in business organizations, universities, and government agencies. Though principles for good security design exist, those principles were formulated based upon the traditional workstation configuration instead of the mobile platform. Security design needs to follow the shift to a “mobile-first” emphasis to ensure the usability of the security interface. The mobile platform has constraints on resources that can adversely impact the usability of security. This research sought to identify design principles for usable security for mobile devices that address the constraints of the mobile platform. Security and usability have been seen as mutually exclusive. To accurately identify design principles, the relationship between principles for good security design and usability design must be understood. The constraints for the mobile environment must also be identified, and then evaluated for their impact on the interaction of a consumer with a security interface. To understand how the application of the proposed mobile security design principles is perceived by users, an artifact was built to instantiate the principles. Through a series of guided interactions, the importance of proposed design principles was measured in a simulation, in human-computer interaction, and in user perception. The measures showed a resounding difference between the usability of the same security design delivered on mobile vs. workstation platform. It also reveals that acknowledging the constraints of an environment and compensating for the constraints yields mobile security that is both usable and secure. Finally, the hidden cost of security design choices that distract the user from the surrounding environment were examined from both the security perspective and public safety perspective

Information Foraging Theory as a Unifying Foundation for Software Engineering Research : Connecting the Dots

Empirical studies have shown that programmers spend up to one-third of their time navigating through code during debugging. Although researchers have conducted empirical studies to understand programmers’ navigation difficulties and developed tools to address those difficulties, the resulting findings tend to be loosely connected to each other. To address this gap, we propose using theory to “connect the dots” between software engineering (SE) research findings. Our theory of choice is Information Foraging Theory (IFT) which explains and predicts how people seek information in an environment. Thus, it is well-suited as a unifying foundation because navigating code is a fundamental aspect of software engineering. In this dissertation, we investigated IFT’s suitability as a unifying foundation for SE through a combination of tool building and empirical user studies of programmers debugging. Our contributions show how IFT can help to unify SE research via cross-cutting insights spanning multiple software engineering subdisciplines

An Activity Theory-based Architecture To Enhance Context-aware Collaboration In Software Development In The Cloud

This research study reviews collaborative software development and assesses the impact of cloud computing in this domain. This is with a view towards identifying challenges to effective context-aware collaboration, as well as opportunities, risks, and potential benefits that could come from a well-defined structured leverage of cloud capabilities. Findings from systematic review of literature indicate that adoption of cloud computing played a significant part in bringing about trends such as: movement of traditional applications and processes to the cloud; cloud development environments; increased distribution in teams and resources; increased diversity in requirements; changes in how software is developed, tested, deployed, accessed, and maintained. These trends have in turn introduced factors such as: massive scale; additional layers of complexity in abstraction levels, entity characteristics and entity relationships within the development process. This additional layer of complexity translates into increase in contexts i.e., information that can be used to characterize states of entities. This is in addition to existing traditional complexity i.e., measure of proportionality of activities and tasks within the process. Some notable efforts towards improving collaboration in software development in the cloud include: transitioning development environments, tools and teams to the cloud; provision of code repositories and version control functionality to support collaboration between developers; provision of platforms to enhance collaboration between developers and end-users in early stages of the process via registered project campaigns and targeted questionnaires; provision of platforms with integrated social networking tools. However, an essential missing piece for more effective context-aware collaboration in the process is, the need for ways of addressing resultant complexity from cloud adoption and capturing actionable contexts. Capturing and communicating contextual information can help improve awareness and understanding and facilitate role-based coordination of distributed team members including users, and not just developers. This would ensure all stakeholders are always on the same page even if not in same location, across all phases of development. The main aim of this research study is to apply a new architecture framework underpinned by the right theoretical foundations, capable of leveraging cloud capabilities, harnessing contexts and addressing complexity to enhance context-aware collaboration in cloud-based software development. To achieve this aim, knowledge gleaned from the systematic literature review and the gap-impact analysis was thematized and synthesized to provide optimal recommendations to serve as roadmap guide for the development and evaluation carried out, and subsequent knowledge contributions. Key dimensions were adapted, along with development of classifications for approaches to enhancing collaboration in software development in the cloud. The key dimensions created were for - assessing collaboration needs; definition of context data and levels; collecting, categorizing, analysing, and applying contextual information to tasks, activities, and stages within software development in the cloud. These dimensions and classifications are useful for identification of reliable ways of measuring collaboration and success factors, as well as managing complexity and ensuring synchronous regularity of process and understanding within the development process in the cloud. A formal process was proposed to aid selection of an appropriate theoretical basis and assembling of a theoretical framework and methodology to underpin the architecture for enhancing context-aware collaboration in cloud-based software development. This was necessary due to the current lack of a de-facto architecture method for cloud-based software development. An activity theory-based architecture has been designed and developed, along with a Proof-of-Concept (POC) implementation that leverages cloud capabilities, for evaluation of the architecture. This architecture presents a novel approach for enhancing collaboration in software development in the cloud due to its underlying activity theory-based tenets that considers ‘activity’ as the unit of analysis, and ideal for activity systems and ease of identification of congruencies and contradictions present or capable impacting related components of the activity system and its ecosystem. The conclusions for this research study, limitations and future research directions have been discussed at the end of this thesis work