From Persona Non Grata to Persona Imperitus: Modeling Personas to Design Usable and Secure Software Applications

Publication Date

1-1-2025

Document Type

Conference Proceeding

Publication Title

Lecture Notes in Computer Science

Volume

15815 LNCS

DOI

10.1007/978-3-031-92840-6_13

First Page

223

Last Page

241

Abstract

Developing novel software applications to promote positive social and health impact presents significant challenges for system designers, particularly when attempting to achieve high usability and security compliance. These challenges are especially evident in the early stages of software development, where multiple user and stakeholder perspectives must be considered, such as in the case of emergency communications presented in this article. In this study, we explore a range of user persona types as evidenced by user-centered design (UCD) interviews and focus groups conducted with 115 emergency medical practitioners across 48 organizations participating in the design of a multi-organizational software system. Our simplified four-quadrant persona framework considers malicious and non-malicious users and desirable vs. undesirable user behaviors. Our findings suggest that assessing user and threat intelligence concepts as a UCD technique can support the identification of various system risks and allow for a more comprehensive threat assessment. They further suggest that a design approach, inclusive of UCD and attacker personas, could support system designers in analyzing and prioritizing risks, ensuring that usability and security are integrated during the early phases of software development.

Keywords

Personas, Secure Software Applications, User-centered design (UCD)

Department

Information
