Usable Security Heuristics for Instant Messaging Application Development

- Van Niekerk, Craig Michael

Title
Usable Security Heuristics for Instant Messaging Application Development
Creator
Van Niekerk, Craig Michael
Subject
Application software -- Development
Date Issued
2022-04
Date
2022-04
Type
Master's theses
Type
text
Identifier
http://hdl.handle.net/10948/58506
Identifier
vital:59655
Description
As instant messaging (IM) applications have become more popular, the privacy and security concerns associated with their usage has become ever more relevant. As with many software programs, IM applications have a history of security vulnerabilities. Although IM application usage is globally increasing, it has been found that currently no generally recognised standards exist to aid IM application developers when developing the usability of the security features they implement. The problem is further exacerbated as research suggests that typical users have neither the requisite understanding of the available IM security features, nor the capacity to make full use of those protection features. The primary objective of this study is to create a set of usable security heuristics to assist developers of instant messaging applications to consider the usability of the security features implemented in these applications. This primary objective is further divided into several secondary objectives, which collectively aim to address the proposed problem. Therefore, the secondary objectives are to determine IM security risks and their related implications on users; to identify and investigate existing security and usability heuristics, guidelines, standards and best practices for mobile application development; to map the identified security and usability heuristics, guidelines, standards and best practices to IM applications; and to develop a prototype to demonstrate the applicability of the proposed usable security heuristics to a typical IM application. First, a comprehensive literature study is used to determine and understand the information security threats relevant to IM applications, how IM applications operate, the security features implemented by IM applications and the potential impact the relevant information security threats could have on IM application users. Thereafter, a further literature review and content analysis are used to identify and investigate existing heuristics, guidelines, standards, and best practices for mobile application development. The findings from the content analysis, in combination with the previously identified threats to IM applications, are then mapped to IM applications, and a preliminary set of usable security heuristics for IM application development is established. This preliminary set of usable security heuristics undergoes multiple iterations of refinement to establish the proposed set of usable security heuristics for IM application development. Furthermore, an expert review is conducted to validate the proposed set of usable security heuristics from the perspectives of security, usability, and mobile application development. In addition, the expert review was also used to determine the efficacy, utility, and quality of the proposed usable security heuristics. To further validate the proposed heuristics, a proof-of-concept prototype is used, in addition to the expert review, to demonstrate the applicability of the proposed set of usable security heuristics to a typical IM application. Such a set of usable security heuristics would be useful for IM application developers and would result in the vi improved implementation of usable security, leading to an improvement in the security of IM applications. The proposed set of usable security heuristics therefore adds a further contribution to this research area, providing a solid foundation for future research.
Description
Thesis (MA) -- Faculty of Engineering, the Built Environment, and Technology, 2022
Format
computer
Format
online resource
Format
application/pdf
Format
1 online resource (xviii, 198 pages)
Format
pdf
Publisher
Nelson Mandela University
Publisher
Faculty of Engineering, the Built Environment, and Technology
Language
English
Rights
Nelson Mandela University
Rights
All Rights Reserved
Rights
Open Access
  • Hits: 396
  • Visitors: 416
  • Downloads: 32

Collections

NMU School of Information and Communication Technology
Thumbnail File Description Size Format
SOURCE1 van Niekerk, CM.pdf 3 MB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact