Integrating a usable security protocol for user authentication into the requirements and design process

L'utilisabilité et la sécurité sont des éléments cruciaux dans le processus d'authentification des utilisateurs. L'un des défis majeurs auquel font face les organisations aujourd'hui est d'offrir des systèmes d'accès aux ressources logiques (par exemple, une application informatique) et physiques (par exemple, un bâtiment) qui soient à la fois sécurisées et utilisables. Afin d'atteindre ces objectifs, il faut d'abord mettre en œuvre les trois composantes indispensables que sont l'identification (c.-à-d., définir l'identité d'un utilisateur), l'authentification (c.-à-d., vérifier l'identité d'un utilisateur) et l'autorisation (c.-à-d., accorder des droits d'accès à un utilisateur). Plus particulièrement, la recherche en authentification de l'utilisateur est essentielle. Sans authentification, par exemple, des systèmes informatiques ne sont pas capables de vérifier si un utilisateur demandant l'accès à une ressource possède les droits de le faire. Bien que plusieurs travaux de recherche aient porté sur divers mécanismes de sécurité, très peu de recherches jusqu'à présent ont porté sur l'utilisabilité et la sécurité des méthodes d'authentification des utilisateurs. Pour cette raison, il nous paraît nécessaire de développer un protocole d'utilisabilité et de sécurité pour concevoir les méthodes d'authentification des utilisateurs. La thèse centrale de ce travail de recherche soutient qu'il y a un conflit intrinsèque entre la création de systèmes qui soient sécurisés et celle de systèmes qui soient facile d'utilisation. Cependant, l'utilisabilité et la sécurité peuvent être construites de manière synergique en utilisant des outils d'analyse et de conception qui incluent des principes d'utilisabilité et de sécurité dès l'étape d'Analyse et de Conception de la méthode d'authentification. Dans certaines situations il est possible d'améliorer simultanément l'utilisabilité et la sécurité en revisitant les décisions de conception prises dans le passé. Dans d'autres cas, il est plus avantageux d'aligner l'utilisabilité et la sécurité en changeant l'environnement régulateur dans lequel les ordinateurs opèrent. Pour cette raison, cette thèse a comme objectif principal non pas d'adresser l'utilisabilité et la sécurité postérieurement à la fabrication du produit final, mais de faire de la sécurité un résultat naturel de l'étape d'Analyse et de Conception du cycle de vie de la méthode d'authentification. \ud ______________________________________________________________________________ \ud MOTS-CLÉS DE L’AUTEUR : authentification de l'utilisateur, utilisabilité, sécurité informatique, contrôle d'accès

A framework for the analysis and evaluation of enterprise models

Bibliography: leaves 264-288.The purpose of this study is the development and validation of a comprehensive framework for the analysis and evaluation of enterprise models. The study starts with an extensive literature review of modelling concepts and an overview of the various reference disciplines concerned with enterprise modelling. This overview is more extensive than usual in order to accommodate readers from different backgrounds. The proposed framework is based on the distinction between the syntactic, semantic and pragmatic model aspects and populated with evaluation criteria drawn from an extensive literature survey. In order to operationalize and empirically validate the framework, an exhaustive survey of enterprise models was conducted. From this survey, an XML database of more than twenty relatively large, publicly available enterprise models was constructed. A strong emphasis was placed on the interdisciplinary nature of this database and models were drawn from ontology research, linguistics, analysis patterns as well as the traditional fields of data modelling, data warehousing and enterprise systems. The resultant database forms the test bed for the detailed framework-based analysis and its public availability should constitute a useful contribution to the modelling research community. The bulk of the research is dedicated to implementing and validating specific analysis techniques to quantify the various model evaluation criteria of the framework. The aim for each of the analysis techniques is that it can, where possible, be automated and generalised to other modelling domains. The syntactic measures and analysis techniques originate largely from the disciplines of systems engineering, graph theory and computer science. Various metrics to measure model hierarchy, architecture and complexity are tested and discussed. It is found that many are not particularly useful or valid for enterprise models. Hence some new measures are proposed to assist with model visualization and an original "model signature" consisting of three key metrics is proposed.Perhaps the most significant contribution ofthe research lies in the development and validation of a significant number of semantic analysis techniques, drawing heavily on current developments in lexicography, linguistics and ontology research. Some novel and interesting techniques are proposed to measure, inter alia, domain coverage, model genericity, quality of documentation, perspicuity and model similarity. Especially model similarity is explored in depth by means of various similarity and clustering algorithms as well as ways to visualize the similarity between models. Finally, a number of pragmatic analyses techniques are applied to the models. These include face validity, degree of use, authority of model author, availability, cost, flexibility, adaptability, model currency, maturity and degree of support. This analysis relies mostly on the searching for and ranking of certain specific information details, often involving a degree of subjective interpretation, although more specific quantitative procedures are suggested for some of the criteria. To aid future researchers, a separate chapter lists some promising analysis techniques that were investigated but found to be problematic from methodological perspective. More interestingly, this chapter also presents a very strong conceptual case on how the proposed framework and the analysis techniques associated vrith its various criteria can be applied to many other information systems research areas. The case is presented on the grounds of the underlying isomorphism between the various research areas and illustrated by suggesting the application of the framework to evaluate web sites, algorithms, software applications, programming languages, system development methodologies and user interfaces

Shortest Route at Dynamic Location with Node Combination-Dijkstra Algorithm

Abstract— Online transportation has become a basic requirement of the general public in support of all activities to go to work, school or vacation to the sights. Public transportation services compete to provide the best service so that consumers feel comfortable using the services offered, so that all activities are noticed, one of them is the search for the shortest route in picking the buyer or delivering to the destination. Node Combination method can minimize memory usage and this methode is more optimal when compared to A* and Ant Colony in the shortest route search like Dijkstra algorithm, but can’t store the history node that has been passed. Therefore, using node combination algorithm is very good in searching the shortest distance is not the shortest route. This paper is structured to modify the node combination algorithm to solve the problem of finding the shortest route at the dynamic location obtained from the transport fleet by displaying the nodes that have the shortest distance and will be implemented in the geographic information system in the form of map to facilitate the use of the system. Keywords— Shortest Path, Algorithm Dijkstra, Node Combination, Dynamic Location (key words

Designing adaptaptive user interfaces for enterprise resource planning systems for small enterprises

It is widely acknowledged that enterprise resource planning (ERP) systems suffer from complex user interfaces. The complexity of these user interfaces negatively affects the usability of these systems. Current research has shown that a need exists to improve the overall usability of ERP systems. This research proposes the use of adaptive user interfaces (AUIs) as a means of improving the overall usability of ERP systems. Research has shown that AUIs are capable of improving system usability by reducing user interface complexity and improving the overall user experience. The primary objective of this research was to determine how AUIs could be designed to improve the usability of ERP systems. An adaptation taxonomy, ERP system architecture (incorporating an AUI), a set of AUI components and a set of usability heuristics for ERP systems were proposed to support the design, development and evaluation of AUIs for ERP systems. The proposed adaptation taxonomy provides support for three types of adaptation: content adaptation, presentation adaptation and navigation adaptation. The proposed ERP system architecture is a three-tiered system architecture, consisting of a Presentation Layer (incorporating an AUI), an Application Layer and a Database Layer. The proposed set of AUI components comprise a user model, a task model and a dialog model. The set of proposed usability heuristics aims to identify usability issues of ERP systems within the areas of Navigation, Presentation, Task Support, Learnability and Customisation. An AUI prototype was developed based on selected adaptive techniques from the proposed adaptation taxonomy and selected components from the proposed system architecture. All of the proposed AUI components were implemented. The AUI prototype was developed for an existing ERP system, namely SAP Business One (SBO). This prototype was designed, in order to resolve the usability issues of SBO identified through the use of the proposed set of heuristics. The development of the AUI prototype was made possible through the use of a software development kit (SDK) provided with SBO. The AUI prototype made use of content adaptation, presentation adaptation and navigation adaptation in order to address the identified usability issues. An empirical evaluation was conducted on the AUI prototype to determine whether it provided any usability benefits over the standard SBO system. The results from the empirical evaluation revealed that the AUI presented usability benefits with regard to learnability and satisfaction. Users who used the AUI prototype were able to learn how to use the ERP system a lot quicker and were more satisfied than users of the standard SBO system. The successful implementation of the AUI prototype provided practical evidence that the proposed adaptation taxonomy and the proposed system architecture can be implemented. This research has provided empirical evidence that the use of AUIs can improve the usability of ERP systems. Future research has outlined several possibilities to utilise and enhance the proposed adaptation taxonomy, the ERP system architecture and ERP heuristics, for the purpose of furthering research within the area of AUIs for ERP systems

An employer demand intelligence framework

Employer demand intelligence is crucial to ensure accurate and reliable education, workforce and immigration related decisions are made. To date, current methods have been manually intensive and expensive — providing insufficient scope of information required to address such important economic implications. This research developed an Employer Demand Intelligence Framework (EDIF) to address detailed employer demand intelligence requirements. To further the EDIF’s functionality, a semi-automated Employer Demand Identification Tool (EDIT) was developed that continuously provide such intelligence