Going Beyond Usability and UX Adding Dependability, Safety and Security to Interactive Systems and Interactive Technologies 

Introduction 

With the early work on understanding interactive systems [1] came the identification of properties that “good” interactive systems should exhibit (e.g. honesty) and “bad” properties that they should avoid (e.g. deadlocks). Later, guidelines for the design of interactive systems [2] were provided, identifying in a similar way “good” property (e.g. guidance), in order to favor usability of these systems. In the area of software engineering, early work [3] identified two main good properties of computing systems namely safety (i.e. nothing bad will ever happen) and liveness (i.e. something good will eventually happen). In [4] a hierarchy of software properties is proposed identifying, for the first time, explicit relationships between properties gathered in a hierarchy (e.g. “reactivity” divided in “recurrence” and “persistence”). While in the area of Human-Computer Interaction the properties were initially expressed in an informal way, [5] and [6] proposed the use of temporal logics to describe these properties.

Content Description

In HCI the focus was early made on usability standardized in the ISO 9241-11 [7] which decomposed usability in effectiveness, efficiency and satisfaction. More recently, User Experience [8] was introduced which includes affects and emotions, aesthetics or values. [10] further decomposes this property into six contributing factors: Aesthetics, Emotions, Identification, Stimulation, Meaning and Value and Social-connectedness.

As a consequence, most of the contributions in the area of HCI focus on these two properties, leaving aside other (more system-related properties) properties such as dependability [13], safety [13] or security [12] and privacy [11]. As an example, dependability is decomposed into five contributing factors: availability, safety, reliability, integrity and maintainability while security is decomposed into three: availability, integrity and privacy. One key element that can be seen from these decompositions of properties is that they are intertwined. Indeed, two of the three factors of security are shared with dependability. Work such as [14] and [15] has been dedicated to making explicit the articulation between these properties, including the HCI-related ones: usability and user experience.

The key aspect is that some HCI research touches systems for which dependability or safety (just to name two) are of prime importance. Work in [16] introduces a new interaction technique for interactive cockpits of aircrafts but the dependability is critical and not addressed in that paper but fortunately presented in another venue dedicated to safety and dependability [17]. On a similar viewpoint, as usability-driven research proposes new interactive technologies such as multitouch ones [23] research has to be conducted on the dependability side to propose new formal approaches to engineer those interactive technologies [9]. As for safety, [18] introduces an AR application to support decision making while cycling. In that paper safety is mentioned during the evaluation but no relationship to safety engineering practice is mentioned.

This course builds on top of this perspective adopting a multi-properties perspective and considering interactive systems as artefacts supporting operators’ work and users’ tasks and for which each property has to be assess in the light of the other conflicting ones. We will consider that the audience is knowledgeable in usability and user experience, thus the focus will be on safety, dependability and security and their interplay with usability and UX. We believe that this will increase the potential deployment in real settings of HCI research that remains otherwise disconnected from some of the real-world constraints.

Contribution and benefit

This course will provide newcomers with background knowledge in automation. It provides an overview on how the recent advances in safety, dependability and security engineering can be exploited to design and assess interactive applications and interaction techniques. This course will also provide material for lecturers who want to include properties assessment in their HCI courses. Finally, the course will provide examples from various domains including Aviation, Air Traffic Management, Automotive, Nuclear Power Plants …  highlighting both successes and failures of properties assessment. Concrete examples and exercises will also be provided to support the application of the course elements to practical cases

Objectives

On completion of this tutorial, attendees will:

• Know the intrinsic and extrinsic characteristics of the properties of interactive systems and interaction technologies, 

• Be able to decompose these properties in contributing factors and to assess the presence of these contributing factors in a prototype or system,

• Know many examples on how multiple properties have been used in various domains such as automotive, aviation, Air Traffic Control, space domain …,

• Know and understand the cost (in terms of time and resources) of considering a given property, 

• Understand the potential consequences for not considering relevant properties in system design and engineering, 

• Know the various disciplines and their research venues for each of the presented properties.

 References

[1] Alan Dix. Abstract, Generic Models of Interactive Systems. BCS HCI 1988, 63-77 (1988).

[2]Jean Vanderdonckt. Development milestones towards a tool for working with guidelines. Interacting with Computers 12(2), 81-118 (1999).

[3] Leslie Lamport. Proving the correctness of multiprocess programs. IEEE transactions on software engineering (2), 125-143 (1977).

[4] Zohar Manna & Amir Pnueli. A Hierarchy of Temporal Properties. ACM Symposium on Principles of Distributed Computing 377-410 (1990).

[5] Amir Pnueli. The Temporal Logic of Programs. 18th IEEE symposium on the Foundations of Computer Science, 46-57 (1977)

[6] Amir Pnueli. Applications of Temporal Logic to the Specification and Verification of Reactive Systems: A Survey of Current Trends. LNCS n° 224 p.510-584. Springer Verlag (1986).

[7] ISO: International Standard Organization: “ISO 9241-11” Ergonomic requirements for office work with visual display terminals (VDT) – Part 11 Guidance on Usability (1996)

[8] Paul Desmet & Peter Hekkert. (2007). Framework of Product Experience. International Journal of Design, 1(1), 13-23

[9] Arnaud Hamon, Philippe Palanque, José-Luis Silva, Yannick Deleris and Eric Barboni. 2013. Formal description of multi-touch interactions. In Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems (EICS '13). Association for Computing Machinery, New York, NY, USA, 207–216.

[10] Michael Pirker & Regina Bernhaupt. 2011. Measuring user experience in the living room: results from an ethnographically oriented field study indicating major evaluation factors. In Proceedings of the 9th European Conference on Interactive TV and Video (EuroITV '11). ACM, 79–82. 

[11] Paul Gerber, Melanie Volkamer and Karen Renaud. 2015. Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy. SIGCAS Comput. Soc. 45, 1 (February 2015), 16–21.

[12] Angela Sasse, Clare-Marie Karat and Roy Maxion. Designing and evaluating usable security and privacy technology. In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, Article 16, 1 page (2009).

[13] Algirdas Aviziens, Jean-Claude Laprie, Brian Randell & Karl Landwer. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Trans. Dependable Secur. Comput. 1, 1 (Jan. 2004), 11-33

[14] Elodie Bouzekri, Alexandre Canny, Célia Martinie & Philippe Palanque. (2020). Characterizing Sets of Systems: Representation and Analysis of Across-Systems Properties. In INTERACT 2019 workshop proceedings. Lecture Notes in Computer Science, vol 11930. Springer, Cham.

[15] Camille Fayollas, Célia Martinie, Philippe Palanque, Yamine Ait-Ameur & FORMEDICIS. (2018). QBP Notation for Explicit Representation of Properties, Their Refinement and Their Potential Conflicts: Application to Interactive Systems. In Global Thoughts, Local Designs. INTERACT 2017. Lecture Notes in Computer Science, vol 10774. Springer, Cham.

[16] Andy Cockburn, Carl Gutwin, Philippe Palanque, Yannick Deleris, Catherine Trask, Ashley Coveney, Marcus Yung & Karon MacLean. 2017. Turbulent Touch: Touchscreen Input for Cockpit Flight Displays. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 6742–6753.

[17] Philippe Palanque, Andy Cockburn, Léopold Désert-Legendre, Carl Gutwin, Yannick Deleris. (2019). Brace Touch: A Dependable, Turbulence-Tolerant, Multi-touch Interaction Technique for Interactive Cockpits. In: Romanovsky, A., Troubitsyna, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science vol 11698. Springer, Cham

[18] Andrii Matviienko, Florian Müller, Dominik Schön, Paul Seesemann, Sebastian Günther & Max Mühlhäuser. 2022. BikeAR: Understanding Cyclists’ Crossing Decision-Making at Uncontrolled Intersections using Augmented Reality. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI '22). Association for Computing Machinery, New York, NY, USA, Article 366, 1–15. 

[19] Philippe Palanque & Célia Martinie. 2015. Designing and Assessing Interactive Systems Using Task Models. In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA '15). Association for Computing Machinery, New York, NY, USA, 2465–2466. </bib> <bib id="bib20"><number>

[20] Philippe Palanque, Célia Martinie & Camille Fayollas. 2018. Automation: Danger or Opportunity? Designing and Assessing Automation for Interactive Systems. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (CHI EA '18). Association for Computing Machinery, New York, NY, USA, Paper C19, 1–4.</bib> <bib id="bib21"><number>

[21] Philippe Palanque. 2021. Introductory Course on Automation and its Use for Interactive Systems Design and Engineering. Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery, New York, NY, USA, Article 147, 1–4</bib> <bib id="bib22"><number>

[22] Philippe Palanque. 2022. How to Design and Assess Automation for Interactive Applications and Interaction Techniques. In Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems (CHI EA '22). Association for Computing Machinery, New York, NY, USA, Article 144, 1–3.</bib> <bib id="bib23"><number>

[23] Julian Lepinski, Tovi Grossman & George Fitzmaurice. (2010). The design and evaluation of multitouch marking menus CHI 2010 Conference Proceedings: ACM SIGCHI Conference on Human Factors in Computing Systems. pp. 2233-2242</bib>

[24] Paul Dunphy, James Nicholson, and Patrick Olivier. 2008. Securing passfaces for description. In Proceedings of the 4th symposium on Usable privacy and security (SOUPS '08). Association for Computing Machinery, New York, NY, USA, 24–35. https://doi.org/10.1145/1408664.1408668

[25] Philippe Palanque, Eric Barboni, Célia Martinie, David Navarre, and Marco Winckler. 2011. A model-based approach for supporting engineering usability evaluation of interaction techniques. In Proceedings of the 3rd ACM SIGCHI symposium on Engineering interactive computing systems (EICS '11). Association for Computing Machinery, New York, NY, USA, 21–30. https://doi.org/10.1145/1996461.1996490

[26] Palanque, P., Cockburn, A., Gutwin, C. (2020). A Classification of Faults Covering the Human-Computer Interaction Loop. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020. Lecture Notes in Computer Science(), vol 12234. Springer, Cham. https://doi.org/10.1007/978-3-030-54549-9_29