Towards Aligning Security and Usability During the System Development Lifecycle
Naqvi, Bilal (2020-11-17)
Doctoral dissertation
Naqvi, Bilal
17.11.2020
Lappeenranta-Lahti University of Technology LUT
Acta Universitatis Lappeenrantaensis
School of Engineering Science
School of Engineering Science, Information Technology
All rights reserved.
The permanent address of the publication is
https://urn.fi/URN:ISBN:978-952-335-586-6
Abstract
Security and usability are considered to be mutually antagonistic goals. Conflicts arise when recommendations from security and usability perspectives contradict each other. Academic research and industrial practices have revealed that conflict management mainly relies on the skill of the developers. Expertise in both security and usability is difficult to find in one person; therefore, there is a need to support developers when they attempt to manage conflicts.
This research investigates the gaps in research and industrial practices concerning the alignment between security and usability. More importantly, this research investigates how conflicts can be effectively managed during the system development lifecycle. This research proposes the use of design patterns to support developers in managing the conflicts. Besides other information, each pattern encapsulates a problem statement, a suitable trade-off (the solution), and the context of use. The work performed during this dissertation led to the creation of different artefacts that enable the identification and documentation of design patterns. Each identified artefact has a context in which it can be applied for the identification of design patterns.
This research was conducted based on the principles of design science research. The identified artefacts are listed and discussed in the body of this dissertation. Moreover, various data collection methods, including surveys, interviews, and workshops, were utilised to rationalise and validate this research when applicable.
This research contributes to alignment between security and usability in the system development lifecycle. The key findings are as follows: (1) security and usability can be synergised by managing their conflicts during the system development lifecycle as early as possible; (2) the conflicts can be better understood at the level of the sub-characteristics of security and usability; and (3) the artefacts (formulated during this research) can be helpful for developing a catalogue of usable security design patterns, and the patterns can be used to influence the decision-making of developers and designers in similar contexts.
Collections
- Doctoral dissertations [1099]