1. Introduction
There is no longer any obvious reason why designing secure and usable systems should be so difficult, especially when guidance on applying Security and Usability Engineering best practice is no longer restricted to the scholarly literature. Several years ago, Nielsen claimed that cost was the principal reason why Usability Engineering techniques are not used in practice (Nielsen, 1994), but technology advances have reduced the financial costs of applying such techniques. Similarly, practical techniques for identifying and mitigating security problems during system design are now available to developers in an easy-to-digest format (e.g., Schneier, 2000; Swiderski & Snyder, 2004).
Problems arise when considering how to use these approaches as part of an integrated process. Accepted wisdom in software engineering states that requirements analysis and specification activities should precede other stages in a project's lifecycle (Ghezzi et al., 2003). However, Information Security and HCI proponents argue that their techniques should instead come first. For example, ISO 13407 (ISO, 1999) states that activities focusing on the collection of empirical data about users and their activities should guide early design, but security design methods such as Braber et al. (2007) suggest that such stages should be devoted to high-level analysis of the system to be secured. Invariably, the decision of which concern to put first is delegated to the methodology followed by a designer. The designer has many approaches to choose from, some of which include treatment for security or usability concerns. To date, however, no approach treats both security and usability collectively, beyond treating them both as generic qualities contending with functionality.
The IRIS (Integrating Requirements and Information Security) framework was first introduced by the authors in Faily and Fléchais (2009) to explore the challenges of designing systems with both information security and HCI in mind. This framework encompassed three elements: a meta-model for usable secure requirements engineering (Faily & Fléchais, 2010), a user-centered design method (illustrated in Faily & Fléchais, 2010), and complementary tool-support (Faily & Fléchais, 2010). However, although the second element was described as a method, it is more aptly defined as a methodology. While a method describes a concrete procedure for getting something done, a methodology is a higher-level construct motivating the need for choosing between different methods (Iivari et al., 1998). Because the terms method and methodology are used interchangeably, the principles of information system methodologies have been encapsulated in several process frameworks that have, in recent years, emerged in Software, Security, and Usability Engineering. A framework can be defined as a set of milestones indicating when artifacts should be produced, as opposed to a process describing the steps to be carried out to produce the artifacts (Haley, 2007).