Going Beyond Usability and UX Adding Dependability, Safety and Security to Interactive Systems and Interactive Technologies 

This course takes both a practical and theoretical approach to introduce the principles, methods and tools for including “non-standards” properties inside interactive systems and interaction technologies. The course focusses on safety, dependability and security but encompasses additional contributing factors such as privacy, availability and trustworthiness and relate them to HCI-centric properties such as User Experience and Usability. The course will cover design, implementation and evaluation activities to assess these properties. A special attention will be made on how the properties are competing with one another in terms of knowledge of designers and resources required at development time. To paraphrase Susan Dray: “if it is not usable, it does not work” this course will argue that “if it does not work (i.e. it is not dependable) it is not usable” as well as “if it is not safe, it is not usable”. The concepts in this course will be supported by multiple concrete examples taken from industries including autonomous cars, aircraft cockpits, large command and control systems but also research labs prototypes targeting at deploying technologies in real-life settings 

Registration information: to register to the course and to CHI 2023 conference please follow carefully the information below 

If you are not yet registered for CHI, CLICK THIS LINK: Registration

 

If you are adding a course to your existing registration, CLICK THIS LINK: Registration for a course .

Some examples of Dependability, Safety and Security in Interactive Technologies

Central car lock system (one click to lock or unlock all the doors) a simple UI directed to security

Anti-lock Braking System (releases pressure on brake discs even though user actions should result in increased pressure) adding safety to driving task

Failure of a Flight Entertainment System in an aircraft degrading passengers user experience

Classification of inside-human faults while operating systems [26] to take into account to improve safety and dependability 

Examples of Interaction Techniques improving reliability, dependability or security 

Dead-man switch requiring input to ensure operators monitor a critical system to improve safety without damaging usability

Brace Touch an interaction technique for dependable and usable operations in case of turbulence [17] 

A formal model describing bimanual interaction technique to improve dependability of usable interactive technologies [25].

Passfaces an authentication mechanism targeting security and usability [24]

Introduction 

With the early work on understanding interactive systems [1] came the identification of properties that “good” interactive systems should exhibit (e.g. honesty) and “bad” properties that they should avoid (e.g. deadlocks). Later, guidelines for the design of interactive systems [2] were provided, identifying in a similar way “good” property (e.g. guidance), in order to favor usability of these systems. In the area of software engineering, early work [3] identified two main good properties of computing systems namely safety (i.e. nothing bad will ever happen) and liveness (i.e. something good will eventually happen). In [4] a hierarchy of software properties is proposed identifying, for the first time, explicit relationships between properties gathered in a hierarchy (e.g. “reactivity” divided in “recurrence” and “persistence”). While in the area of Human-Computer Interaction the properties were initially expressed in an informal way, [5] and [6] proposed the use of temporal logics to describe these properties.

Content Description

In HCI the focus was early made on usability standardized in the ISO 9241-11 [7] which decomposed usability in effectiveness, efficiency and satisfaction. More recently, User Experience [8] was introduced which includes affects and emotions, aesthetics or values. [10] further decomposes this property into six contributing factors: Aesthetics, Emotions, Identification, Stimulation, Meaning and Value and Social-connectedness.

As a consequence, most of the contributions in the area of HCI focus on these two properties, leaving aside other (more system-related properties) properties such as dependability [13], safety [13] or security [12] and privacy [11]. As an example, dependability is decomposed into five contributing factors: availability, safety, reliability, integrity and maintainability while security is decomposed into three: availability, integrity and privacy. One key element that can be seen from these decompositions of properties is that they are intertwined. Indeed, two of the three factors of security are shared with dependability. Work such as [14] and [15] has been dedicated to making explicit the articulation between these properties, including the HCI-related ones: usability and user experience.

The key aspect is that some HCI research touches systems for which dependability or safety (just to name two) are of prime importance. Work in [16] introduces a new interaction technique for interactive cockpits of aircrafts but the dependability is critical and not addressed in that paper but fortunately presented in another venue dedicated to safety and dependability [17]. On a similar viewpoint, as usability-driven research proposes new interactive technologies such as multitouch ones [23] research has to be conducted on the dependability side to propose new formal approaches to engineer those interactive technologies [9]. As for safety, [18] introduces an AR application to support decision making while cycling. In that paper safety is mentioned during the evaluation but no relationship to safety engineering practice is mentioned.

This course builds on top of this perspective adopting a multi-properties perspective and considering interactive systems as artefacts supporting operators’ work and users’ tasks and for which each property has to be assess in the light of the other conflicting ones. We will consider that the audience is knowledgeable in usability and user experience, thus the focus will be on safety, dependability and security and their interplay with usability and UX. We believe that this will increase the potential deployment in real settings of HCI research that remains otherwise disconnected from some of the real-world constraints.

Contribution and benefit

This course will provide newcomers with background knowledge in automation. It provides an overview on how the recent advances in safety, dependability and security engineering can be exploited to design and assess interactive applications and interaction techniques. This course will also provide material for lecturers who want to include properties assessment in their HCI courses. Finally, the course will provide examples from various domains including Aviation, Air Traffic Management, Automotive, Nuclear Power Plants …  highlighting both successes and failures of properties assessment. Concrete examples and exercises will also be provided to support the application of the course elements to practical cases

Objectives

On completion of this tutorial, attendees will:

Know the intrinsic and extrinsic characteristics of the properties of interactive systems and interaction technologies, 

Be able to decompose these properties in contributing factors and to assess the presence of these contributing factors in a prototype or system,

Know many examples on how multiple properties have been used in various domains such as automotive, aviation, Air Traffic Control, space domain …,

Know and understand the cost (in terms of time and resources) of considering a given property, 

Understand the potential consequences for not considering relevant properties in system design and engineering, 

Know the various disciplines and their research venues for each of the presented properties.

Description, Content and Agenda

This course is composed of one single course unit going from conceptual to very practical. It includes interactive hands-on exercises, case studies and practice on properties identification and assessment in the content of interactive systems design.

Audience and Prerequisite 

This course is open to researchers, practitioners, educators and students of all experience levels. No specific skills or knowledge are required beyond a background in User Centered Design. Paper [13] should be read before attending the lecture.

Practical Activities 

Various exercises will be given to the attendees. Exercises will consist in analyzing some interactive technologies published at HCI conferences e.g. technology for command and control or cycling. Then the attendees will be faced with design activities proposing extensions to ensure safety, security or dependability. Two case studies from the real world (interactive cockpits and rocket launch pads) will be studied in depth showing how conflicting properties are handled in real contexts. 

 References

[1] Alan Dix. Abstract, Generic Models of Interactive Systems. BCS HCI 1988, 63-77 (1988).

[2]Jean Vanderdonckt. Development milestones towards a tool for working with guidelines. Interacting with Computers 12(2), 81-118 (1999).

[3] Leslie Lamport. Proving the correctness of multiprocess programs. IEEE transactions on software engineering (2), 125-143 (1977).

[4] Zohar Manna & Amir Pnueli. A Hierarchy of Temporal Properties. ACM Symposium on Principles of Distributed Computing 377-410 (1990).

[5] Amir Pnueli. The Temporal Logic of Programs. 18th IEEE symposium on the Foundations of Computer Science, 46-57 (1977)

[6] Amir Pnueli. Applications of Temporal Logic to the Specification and Verification of Reactive Systems: A Survey of Current Trends. LNCS n° 224 p.510-584. Springer Verlag (1986).

[7] ISO: International Standard Organization: “ISO 9241-11” Ergonomic requirements for office work with visual display terminals (VDT) – Part 11 Guidance on Usability (1996)

[8] Paul Desmet & Peter Hekkert. (2007). Framework of Product Experience. International Journal of Design, 1(1), 13-23

[9] Arnaud Hamon, Philippe Palanque, José-Luis Silva, Yannick Deleris and Eric Barboni. 2013. Formal description of multi-touch interactions. In Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems (EICS '13). Association for Computing Machinery, New York, NY, USA, 207–216.

[10] Michael Pirker & Regina Bernhaupt. 2011. Measuring user experience in the living room: results from an ethnographically oriented field study indicating major evaluation factors. In Proceedings of the 9th European Conference on Interactive TV and Video (EuroITV '11). ACM, 79–82. 

[11] Paul Gerber, Melanie Volkamer and Karen Renaud. 2015. Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy. SIGCAS Comput. Soc. 45, 1 (February 2015), 16–21.

[12] Angela Sasse, Clare-Marie Karat and Roy Maxion. Designing and evaluating usable security and privacy technology. In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, Article 16, 1 page (2009).

[13] Algirdas Aviziens, Jean-Claude Laprie, Brian Randell & Karl Landwer. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Trans. Dependable Secur. Comput. 1, 1 (Jan. 2004), 11-33

[14] Elodie Bouzekri, Alexandre Canny, Célia Martinie & Philippe Palanque. (2020). Characterizing Sets of Systems: Representation and Analysis of Across-Systems Properties. In INTERACT 2019 workshop proceedings. Lecture Notes in Computer Science, vol 11930. Springer, Cham.

[15] Camille Fayollas, Célia Martinie, Philippe Palanque, Yamine Ait-Ameur & FORMEDICIS. (2018). QBP Notation for Explicit Representation of Properties, Their Refinement and Their Potential Conflicts: Application to Interactive Systems. In Global Thoughts, Local Designs. INTERACT 2017. Lecture Notes in Computer Science, vol 10774. Springer, Cham.

[16] Andy Cockburn, Carl Gutwin, Philippe Palanque, Yannick Deleris, Catherine Trask, Ashley Coveney, Marcus Yung & Karon MacLean. 2017. Turbulent Touch: Touchscreen Input for Cockpit Flight Displays. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 6742–6753.

[17] Philippe Palanque, Andy Cockburn, Léopold Désert-Legendre, Carl Gutwin, Yannick Deleris. (2019). Brace Touch: A Dependable, Turbulence-Tolerant, Multi-touch Interaction Technique for Interactive Cockpits. In: Romanovsky, A., Troubitsyna, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science vol 11698. Springer, Cham

[18] Andrii Matviienko, Florian Müller, Dominik Schön, Paul Seesemann, Sebastian Günther & Max Mühlhäuser. 2022. BikeAR: Understanding Cyclists’ Crossing Decision-Making at Uncontrolled Intersections using Augmented Reality. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI '22). Association for Computing Machinery, New York, NY, USA, Article 366, 1–15. 

[19] Philippe Palanque & Célia Martinie. 2015. Designing and Assessing Interactive Systems Using Task Models. In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA '15). Association for Computing Machinery, New York, NY, USA, 2465–2466. </bib> <bib id="bib20"><number>

[20] Philippe Palanque, Célia Martinie & Camille Fayollas. 2018. Automation: Danger or Opportunity? Designing and Assessing Automation for Interactive Systems. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (CHI EA '18). Association for Computing Machinery, New York, NY, USA, Paper C19, 1–4.</bib> <bib id="bib21"><number>

[21] Philippe Palanque. 2021. Introductory Course on Automation and its Use for Interactive Systems Design and Engineering. Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery, New York, NY, USA, Article 147, 1–4</bib> <bib id="bib22"><number>

[22] Philippe Palanque. 2022. How to Design and Assess Automation for Interactive Applications and Interaction Techniques. In Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems (CHI EA '22). Association for Computing Machinery, New York, NY, USA, Article 144, 1–3.</bib> <bib id="bib23"><number>

[23] Julian Lepinski, Tovi Grossman & George Fitzmaurice. (2010). The design and evaluation of multitouch marking menus CHI 2010 Conference Proceedings: ACM SIGCHI Conference on Human Factors in Computing Systems. pp. 2233-2242</bib>

[24] Paul Dunphy, James Nicholson, and Patrick Olivier. 2008. Securing passfaces for description. In Proceedings of the 4th symposium on Usable privacy and security (SOUPS '08). Association for Computing Machinery, New York, NY, USA, 24–35. https://doi.org/10.1145/1408664.1408668

[25] Philippe Palanque, Eric Barboni, Célia Martinie, David Navarre, and Marco Winckler. 2011. A model-based approach for supporting engineering usability evaluation of interaction techniques. In Proceedings of the 3rd ACM SIGCHI symposium on Engineering interactive computing systems (EICS '11). Association for Computing Machinery, New York, NY, USA, 21–30. https://doi.org/10.1145/1996461.1996490

[26] Palanque, P., Cockburn, A., Gutwin, C. (2020). A Classification of Faults Covering the Human-Computer Interaction Loop. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020. Lecture Notes in Computer Science(), vol 12234. Springer, Cham. https://doi.org/10.1007/978-3-030-54549-9_29 

Course Instructor

The instructor has been involved in the design and assessment of critical interactive systems in multiple projects (mostly in safety critical systems including Air Traffic Management, Satellite ground segments and cockpits of large civil aircrafts).

Philippe Palanque is professor in Computer Science at the University Toulouse 3 and is head of the ICS (Interactive Critical Systems) research group at IRIT Lab. Since the early 90’s his research focus is on interactive systems engineering proposing notations, methods and tools to integrate multiple properties such as usability, dependability, resilience and more recently user experience. These contributions have been developed together with industrial partners from various application domains such as civil aviation, air traffic management or satellite ground segments. Recently he has been involved in the specification of future interactive cockpits and their interactions and in the modelling of operational states of civil aircraft (with direct support from and close collaboration with Airbus). The main driver of Philippe’s research over the last 20 years has been to address in an even way Usability, Safety and Dependability in order to build trustable safety critical interactive systems. 

He was steering committee chair of the CHI conference series, is a member of the CHI academy and chair of IFIP Technical Committee on Human-Computer Interaction (TC13). He edited and co-edited more than twenty books or conference proceedings including the "Handbook on Formal Methods in Human-Computer Interaction" published by Springer in 2017. He is a member of SAFECOMP 2023 conference program committee. 

Location

[Hamburg, Germany]


The course is on-site only, there will be no remote attendance