An Experimental System for Studying the Tradeoff Between Usability and Security

Noam Ben-Asher, Joachim Meyer, Sebastian Möller, Roman Englert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

18 Scopus citations


An ideal system should be usable and secure. However, increasing the security of a system often makes its use more cumbersome and less efficient. This tradeoff between usability and security poses major challenges for system designers. System security may be impaired when users override or ignore security features to facilitate the use of the system. Little empirical data are available on user behavior regarding the tradeoff between security and usability. To obtain such data we developed a controlled research environment (i.e., a microworld) for studying users' tendency to take precautionary actions as a function of the tradeoff between a system's usability and the level of security the system provides. It is a modified version of a "Tetris" game and includes an alert system that warns about possible virus attacks, which, if not prevented, can cause losses of monetary earnings. Users could alter the threshold settings of the security system. The system allows us to manipulate the usability cost of using a security feature, the severity of the consequences of an attack, the likelihood that a threat will occur, and the statistical properties of the security system. In a preliminary experiment two groups of 10 participants each used the system for three 20-minutes sessions. The likelihood for an attack was 4 times higher for one group than for the other group. The likelihood of an attack clearly affected participants' behavior. When attacks were more likely, participants altered thresholds more frequently, selected more cautious thresholds, and tended to respond more to security system alerts. This microworld is a step towards the development of quantitative predictive models of user interactions with security features while using a system.

Original languageEnglish
Title of host publicationProceedings - International Conference on Availability, Reliability and Security, ARES 2009
Number of pages6
StatePublished - 12 Oct 2009
EventInternational Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Fukuoka Prefecture, Japan
Duration: 16 Mar 200919 Mar 2009


ConferenceInternational Conference on Availability, Reliability and Security, ARES 2009
CityFukuoka, Fukuoka Prefecture


  • Alerts
  • Experimental system
  • Security
  • Security settings
  • Usability

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'An Experimental System for Studying the Tradeoff Between Usability and Security'. Together they form a unique fingerprint.

Cite this