18 research outputs found

    Security and usability: searching for the philosopher's stone.

    This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals and their ability, rather than principles and engineering. However, the wide variety of different skills necessary to design secure and usable systems is unlikely to be mastered by many individuals, requiring an unlikely combination of insight and education. Psychology, economics and cryptography have very little in common, and yet all have a role to play in the field of usable security. To address these concerns, three proposals are presented here: to adopt a principled design framework for usable security and privacy, to support a research environment where skills and knowledge can be pooled and shared, and to guide and inform the principles that underpin the educational curriculum of future security engineers and researchers

    Improving secure systems design with security culture.

    This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and the use of goal, requirement and task analysis

    Seeking the philosopher's stone.

    This article describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes, security design is currently a craft, where quality is dependent on individuals and their ability, rather than on principles and engineering. However, the wide variety of different skills necessary to design secure and usable systems is unlikely to be mastered by many individuals, requiring an unlikely combination of insight and education. Psychology, economics and cryptography have very little in common, and yet all have a role to play in the field of usable security. To address these concerns, three proposals are presented here: 1) to adopt a principled design framework for usable security and privacy; 2) to support a research environment where skills and knowledge can be pooled and shared; and 3) to guide and inform the principles that underpin the educational curriculum of future security engineers and researchers

    Eliciting usable security requirements with misusability cases.

    Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. We present Mis-usability Cases: scenarios which describe how design decisions may lead to usability problems subsequently leading to system misuse. We describe the steps carried out to develop and apply misusability cases to elicit requirements and report preliminary results applying this technique in a recent case study

    Security through usability: a user-centered approach for balanced security policy requirements.

    Security policy authors face a dilemma. On one hand, policies need to respond to a constantly evolving, well-reported threat landscape, the consequences of which have heightened the security awareness of senior managers. On the other hand, the impact of policies extends beyond constraints on desktop computers and laptops; an overly constrained policy may compromise operations or stifle the freedom needed for staff to innovate. Because few people are fired for making a policy too secure, as long as usability continues to be treated as a trade-off quality together with functionality then policies will err on the side of constraint over freedom of action. Existing work argues that balanced security can be achieved using Requirements Engineering best practice. Such approaches, however, treat usability as another class of quality requirement, and prescribed techniques fail to elicit or analyse empirical data with the same richness as those used by usability professionals. There is, therefore, a need to incorporate techniques from HCI into the task of specifying security, but without compromising Requirements Engineering practice. Recent work demonstrated how user-centered design and security requirements engineering techniques can be aligned; this approach was validated using a general system design project, where ample time was available to collect empirical data and run participatory requirements and risk workshops. The question remains whether such an approach scales for eliciting policy requirements where time is an imperative rather than a luxury

    To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design.

    When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augmenting the process of security design with the paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. We propose three initial Security Entrepreneurship techniques as examples of this paradigm, describe how their underlying models align with secure systems design, and help predict the social and technical impact of possible design decisions. We also pose a number of thought experiments, and suggest possible research agendas for Security Entrepreneurship

    User-centered information security policy development in a post-Stuxnet world.

    A balanced approach is needed for developing information security policies in Critical National Infrastructure (CNI) contexts. Requirements Engineering methods can facilitate such an approach, but these tend to focus on either security at the expense of usability, or vice-versa; it is also uncertain whether existing techniques are useful when the time available for applying them is limited. In this paper, we describe a case study where Usability and Requirements Engineering techniques were used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. We motivate and describe the approach taken while carrying out this case study, and conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design

    Formal evaluation of persona trustworthiness with EUSTACE.

    Personas are useful for considering how users of a system might behave, but problematic when accounting for hidden behaviours not obvious from their descriptions alone. Formal methods can potentially identify such subtleties in interactive systems, but we lack methods for eliciting models from qualitative persona descriptions. We present a framework for eliciting and specifying formal models of persona behaviour that a persona might, in certain circumstances, engage in. We also summarise our preliminary work to date evaluating this framework

    Finding and Resolving Security Misusability with Misusability Cases

    Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

    On the design and development of webinos: a distributed mobile application middleware.

    As personal devices become smarter, opportunities arise for sharing services, applications and data between them. While web technologies hold the promise of being a unifying layer, browsers lack functionality for supporting inter-device communication, synchronization, and security. To address this, we designed webinos: a cross-device distributed middleware providing interoperability, compatibility and security for mobile web applications. In this paper we present a case study of the webinos project, showing how the architecture of webinos was specified, designed and implemented, and reflect on several lessons learned