Finding and Resolving Security Misusability with Misusability Cases

A Adams; A Blyth; A Cockburn; A Cooper; A Dunne; A Lamsweerde van; A Lamsweerde van; A Sutcliffe; CB Haley; D Amyot; D Firesmith; D Mellado; F Moody; G Sindre; I Alexander; I Fléchais; I Fléchais; Ivan Fléchais; J Backhouse; J Cleland-Huang; J Nielsen; JA Dewar; JD Gould; JH Saltzer; JM Darley; K Holtzblatt; KP Yee; MB Rosson; P Kruchten; S Brahnam; S Faily; Shamal Faily

research

Finding and Resolving Security Misusability with Misusability Cases

Authors: A Adams
A Blyth
A Cockburn
A Cooper
A Dunne
A Lamsweerde van
A Lamsweerde van
A Sutcliffe
CB Haley
D Amyot
D Firesmith
D Mellado
F Moody
G Sindre
I Alexander
I Fléchais
I Fléchais
Ivan Fléchais
J Backhouse
J Cleland-Huang
J Nielsen
JA Dewar
JD Gould
JH Saltzer
JM Darley
K Holtzblatt
KP Yee
MB Rosson
P Kruchten
S Brahnam
S Faily
Shamal Faily
Publication date: 1 January 2014
Publisher: 'Springer Science and Business Media LLC'
Doi

Abstract

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems