Skip to main content

Research Repository

Advanced Search

Finding and resolving security misusability with misusability cases.


Shamal Faily



Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems.


FAILY, S. and FLÉCHAIS, I. 2016. Finding and resolving security misusability with misusability cases. Requirements engineering [online], 21(2), pages 209-223. Available from:

Journal Article Type Article
Acceptance Date Nov 25, 2014
Online Publication Date Dec 2, 2014
Publication Date Jun 30, 2016
Deposit Date Sep 29, 2021
Publicly Available Date Dec 7, 2021
Journal Requirements Engineering
Print ISSN 0947-3602
Electronic ISSN 1432-010X
Publisher Springer Verlag
Peer Reviewed Peer Reviewed
Volume 21
Issue 2
Pages 209-223
Keywords Systems security; User-centred design; Software engineering; Requirements engineering
Public URL


You might also like

Downloadable Citations