Multi-level Fuzzy system for usable-security assessment

Abstract: Security is an integral aspect of developing quality software, and usability is an equally pivotal factor. It has been noticed that most practitioners try to develop a highly secure design while maintaining high usability. Unfortunately, a highly secure software design becomes worthless when the usability of the software is very low. Demand for usable security is also growing, as computers with enhanced usability, which need security too, come into wider use. When improving the usability and security of software together, the underlying security and usability attributes play an important role. For this reason, usable-security assessment employs security and usability attributes to achieve the desired security solutions with usability. In this work, consecutive versions of two pieces of software are taken to assess usable security. The authors use the Fuzzy-AHP methodology to assess the priorities and the overall usable-security. In addition, the impact of security on usability and the impact of usability on security are evaluated quantitatively. The results and conclusions are useful for practitioners seeking to improve the usable-security of software.
