Usability and Security by Design: A Case Study in Research and Development
Author(s): Shamal Faily, John Lyle, Ivan Fléchais, Andrew Simpson
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
There is ongoing interest in utilising user experiences associated with security and privacy to better inform system design and development. However, there are few studies demonstrating how, together, security and usability design techniques can help in the design of secure systems; such studies provide practical examples and lessons learned that practitioners and researchers can use to inform best practice, and underpin future research. This paper describes a three-year study where security and usability techniques were used in a research and development project to develop webinos — a secure, cross-platform software environment for web applications. Because they value innovation over both security and usability, research and development projects are a particularly difficult context of study. We describe the difficulties faced in applying these security and usability techniques, the approaches taken to overcome them, and lessons that can be learned by others trying to build usability and security into software systems.