Integrating security and usability into the requirements and design process

According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human–computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these

Building Efficient Query Engines in a High-Level Language

Abstraction without regret refers to the vision of using high-level programming languages for systems development without experiencing a negative impact on performance. A database system designed according to this vision offers both increased productivity and high performance, instead of sacrificing the former for the latter as is the case with existing, monolithic implementations that are hard to maintain and extend. In this article, we realize this vision in the domain of analytical query processing. We present LegoBase, a query engine written in the high-level language Scala. The key technique to regain efficiency is to apply generative programming: LegoBase performs source-to-source compilation and optimizes the entire query engine by converting the high-level Scala code to specialized, low-level C code. We show how generative programming allows to easily implement a wide spectrum of optimizations, such as introducing data partitioning or switching from a row to a column data layout, which are difficult to achieve with existing low-level query compilers that handle only queries. We demonstrate that sufficiently powerful abstractions are essential for dealing with the complexity of the optimization effort, shielding developers from compiler internals and decoupling individual optimizations from each other. We evaluate our approach with the TPC-H benchmark and show that: (a) With all optimizations enabled, LegoBase significantly outperforms a commercial database and an existing query compiler. (b) Programmers need to provide just a few hundred lines of high-level code for implementing the optimizations, instead of complicated low-level code that is required by existing query compilation approaches. (c) The compilation overhead is low compared to the overall execution time, thus making our approach usable in practice for compiling query engines

Information for Impact: Liberating Nonprofit Sector Data

This paper explores the costs and benefits of four avenues for achieving open Form 990 data: a mandate for e-filing, an IRS initiative to turn Form 990 data into open data, a third-party platform that would create an open database for Form 990 data, and a priori electronic filing. Sections also discuss the life and usage of 990 data. With bibliographical references

Enabling human-centered AI: A new junction and shared journey between AI and HCI communities

Artificial intelligence (AI) has brought benefits, but it may also cause harm if it is not appropriately developed. Current development is mainly driven by a "technology-centered" approach, causing many failures. For example, the AI Incident Database has documented over a thousand AI-related accidents. To address these challenges, a human-centered AI (HCAI) approach has been promoted and has received a growing level of acceptance over the last few years. HCAI calls for combining AI with user experience (UX) design will enable the development of AI systems (e.g., autonomous vehicles, intelligent user interfaces, or intelligent decision-making systems) to achieve its design goals such as usable/explainable AI, human-controlled AI, and ethical AI. WHile HCAI promotion continues, it has not specifically addressed the collaboration between AI and human-computer interaction (HCI) communities, resulting in uncertainty about what action should be taken by both sides to apply HCAI in developing AI systems. This Viewpoint focuses on the collaboration between the AI and HCI communities, which leads to eight recommendations for effective collaboration to enable HCAI in developing AI systems

Eating your own dog food

As part of its project to develop a new research data management system the University of Lincoln is embracing development practices built around APIs - interfaces to the underlying data and functions of the system which are explicitly designed to make life easy for developers by being machine readable and programmatically accessible

Usability testing in a library web site redesign project

An intuitive library information gateway is critical to meeting the information needs of library users in the digital age. This article describes the process involved in redesigning a library Web site. In addition to first determining the goals and requirements for the library Web site, a user and task analysis was conducted for defining the library\u27s user base and types of tasks which users might be performing at the site. Usability testing methods, such as observational interviews, provided fresh insights about how users are interacting with the library Web interface as they approach various information seeking tasks. These usability studies uncovered problems related to unclear terminology, proper use of color, size and location of navigational links, and the need for context sensitive help, built-in redundancy, and clear and consistent navigation