Usable Security

Andrea Atzeni (Politecnico di Torino, Italy), Shamal Faily (Bournemouth University, UK) and Ruggero Galloni (Square Reply S.r.l., Italy)
DOI: 10.4018/978-1-5225-7492-7.ch027


The increased availability of information and services has brought a large segment of the population onto the internet. This implies a paradigm shift for computer security: users become less skilled and less security-aware, requiring easier interfaces to communicate with “the machine” and more specific and comprehensible security measures. These two aspects, which are complex and challenging, have significant reciprocal influence. In practice, it has proven very intriguing to study and propose effective trade-offs between them. This chapter focuses on these aspects by analyzing the goals and state of the art of usability and security to understand where and how they might be effectively “aligned.”
Chapter Preview


Human-Computer Interaction (HCI) is a field concerned with the interaction between people and technology, and how this supports humans in completing tasks to achieve one or more specific goals. Traditionally, it has been involved in analyzing and improving usability.

HCI has been an active area of research since the 1980s. It has focused on improving the design of user interfaces and helping users transform their goals into productive actions for the computer. Improving user interfaces and usability is important because poorly designed interfaces increase the potential for human error. In particular, human behavior is largely goal-driven; therefore, the execution of activities that help users achieve their goals is the main key to creating a usable system. So, when a user “engages with a complex system of rules that change as the problem changes” (e.g. an interface does not present information clearly and coherently with the user's mental model), it leads to “Cognitive Friction” (Cooper, 2004).

“Cognitive Friction” is a by-product of the information age, and it is more evident in computing devices that lack a natural cause-effect relation between user input and device output, e.g. when similar inputs result in different outputs.

When a person is dealing with cognitive friction, ancestral mechanisms of the human being come into play. As a result, users cannot be modeled as purely rational beings. Thus, to understand users’ behavior, and to appreciate how systems can be made usable, we need to consider the following factors:
