Trading off usability and security in user interface design through mental models

The aim of this paper is to establish the foundations for developing a mental model that bridges the gap between usability and security in user-centred designs. To this purpose, a meta-model has been developed to align design features with the users’ requirements through tacit knowledge elicitation. The meta-model describes the combinatorial relationships of Security, Usability and Mental (SUM) and how these components can be used to design a usable and secure system. The SUM meta-model led to the conclusion that there is no antagonism between usability and security. However, the degree of usable security depends on the ability of the designer to capture and implement the user’s tacit knowledge. In fact, the SUM meta-model seeks the dilution of the trading-off effects between security and usability through compensating synergism of the tacit knowledge. A usability security cognitive map has been developed for the major constituents of usability and security to clarify the interactions and their influences on the meta-model stipulations. The three intersecting areas of the three components’ relationships are manipulated to expand the Optimal Equilibrium Solution (OES) (δ) expanse. To put the SUM meta-model into practice, knowledge management principles have been proposed for implementing user-centred security and user-centred design. This is accomplished by using collaborative brainpower from various knowledge constellations to design a system within the user’s current and future perception boundaries. Therefore, different knowledge groups, processes, techniques, tactics and practices have been proposed for knowledge transfer and transformation during the mental model development.