Eliciting usable security requirements with misusability cases
This data was imported from DBLP:
Authors: Faily, S. and Flechais, I.
Publisher: IEEE Computer Society
This data was imported from Scopus:
Authors: Faily, S. and Fléchais, I.
Journal: Proceedings of the 2011 IEEE 19th International Requirements Engineering Conference, RE 2011
Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. We present Mis-usability Cases: scenarios which describe how design decisions may lead to usability problems subsequently leading to system misuse. We describe the steps carried out to develop and apply misusability cases to elicit requirements and report preliminary results applying this technique in a recent case study. © 2011 IEEE.