An annotated bibliography is a bibliography that gives a summary of a body of work such as an article, research or thesis. The purpose of annotations is to provide the reader with a summary and an evaluation of the source. Each summary should be a concise exposition of the source’s central idea and give the reader a general idea of the source’s content.
HCISec is the study of interaction between humans and computers, or human–computer interaction, specifically as it pertains to information security. Its aim, in plain terms, is to improve the usability of security features in end user applications.
An annotated bibliography was conducted on 3 bodies of work focused on HCISec and Usability Security.
Piazzalunga, U. & Salvaneschi, P. (2006). How to test usability of security sensitive systems.
This paper focuses on providing information to individuals responsible for conducting and ensuring security within an organizations’ application system for end-user use. The specific target audiences addressed in the paper are information security testers and software developers. In the article, the authors present a test methodology that can be used to assess that a proper balance between usability and security is in place.
Within the article the authors explains by using a define set of metrics and the approach of the quality models (ISO 9126 1991); they are able to create a usability test method. The literature review includes the following steps. First, purpose, context and roles definitions. This part defines the aims of the test and sets the limits as well. Secondly, user selection and task definitions were the selection criteria are set and defined. Thirdly, measurement apparatus design in which the usability attributes, metrics and relationship are computed. Fourthly, conduct the execution and the collection of date, followed by the processing for statistical significance. Finally, a computation of the quality attributes scores using the ISO 9126 quality model and conducts an interpretation of the results to support design recommendations.
The author selected 10 participants whom were either second or third year engineering students with computer knowledge but no experience in processing secure email for the user test. Before commencing the test, the researchers introduced each participant to the test scenario and required task.
The conclusion indicates that the number of hardware components users have to deal with increases the complexity and negatively affect security. Furthermore, the authors suggest the methodology used can be applied to any end-user security system.
Soriano, M. and Ponce, D. (2002). A Security and Usability Proposal for Mobile Electronic Commerce. IEEE Communication Magazine. 0163-6804/02
In this article, the authors provide information pertaining to key proposals that will allow security and usability in the mobile electronic commerce industry. It investigates three basic aspects to conduct effective mobile commerce such as business and service delivery, timely information and immediate completion of transaction.
The article explains end-to-end security as well as speed of information delivery is necessary conditions for mobile electronic commerce. By using constraints in conjunction to mobile agent technology, improvements to the overall systems can occur. The authors also suggest the users should have the following facilities in place such as negotiation and immediate delivery, fast methods of micro and macro payment and usability on the mobile environment.
The author went into depth discussing the wireless environment and its limitation to provide adequate security for mobile electronic commerce use. By using the Wireless transport layer security protocol, they were able to determine that secure channels between the clients and the WAP gateway occurred, but the channel between the WAP gateway and the Internet is supported by TLS that does not guarantee privacy and data integrity.
The authors introduced an alternate approach for end-to-end security in the mobile e-commerce environment. They described, in order to provide a secure end-to-end tunnel between the Internet and the mobile user a modified version of WAE called WAE-Sec. WAE-Sec would provide end-to-end security, be TLS compliant, it would also be transparent to the user and avoid double compression and translation for performance purposes.
The authors conclude advancements in wireless data communication as well as in portable devices allow for unlimited access to information and services anytime and anywhere. Developers should be aware of the limitations within mobile devices and the unpredictable communication medium they use. The limitations provide challenges that are not in traditional client-server approaches to electronic commerce solutions.
Graham, C. (2012). Address Security, Collaboration, and Usability with Tactical Edge Mobile Devices and Strategic Cloud Base Systems. Defense Transformation and Net-Centric Systems. 10.1117/12.919410
This paper discusses security, collaboration and usability of cloud-based data on mobile devices that will be used in the battlefield. The target audience on the article pertains to military based organization with a mandate to produce for military customers in the current reduced budget placed on them.
The author explains the three tenants are necessary components of a successful system. The security, privacy and data integrity must be ensured in the battlefield, effective collaboration must also be ensured so mission objectives are not jeopardized and lastly usability must be achieved and complexity reduces on the mobile devices used is the field.
The author also explains the use of cloud-based services in the model, using Software as a Service (SaaS) as the primary focus. SaaS a software delivery model for mobile cloud interaction is based on create, read, update and delete services. It can be compare to social media applications such as LinkedIn and Twitter. Security is another aspect covered by the author explaining the importance of the mobile environment. For example, the need for OS trustworthiness, application/device management, user management and additional security capabilities all work to address the protection levels.
The author concludes by explaining the differences between user interface and user experience. In user interface, the concern focuses on the interaction the user has with the system, while user experience address all facets of the end-user’s usage of a computer system. He further expresses, when creating a mobile interface, avoiding a complex interface is of the highest importance. The author provides two key concepts to usability. Never listen to the users and simple flourishes, while complex dies.