A literature review on software usability and software security alignment

Abstract

In this 21st century, computing systems have become an integral part of day-to-day human life. Human-Computer Interaction derived into the stage with the main focused subject ‘usability’, which attempts making software well-suited for people. However, focusing on usability of software is not good enough, at the same time systems should be secure. Even though importance of usability and security of a software is evident in the literature, no proper method is available to align usability and security of a given software product. Some of the significant work available in literature includes guidelines/ recommendations to resolve the trade-off between usability and security, ontological frameworks, usability and security evaluation frameworks, and assessments frameworks for usability and security requirements. Further, Human Computer Interaction and Security (HCI-SEC) group is formed to bridge the gap between usability and security under the main goal of “Usable Security”. Regardless of all these work, no proper solution is still available to align usability and security of a software according to its requirements. Our literature review identifies following issues in the literature which need attention of future researchers. They are: usability and security aspects have not been integrated into the initial stages of the system’s development process, treating security and usability as add-ons to the system, no proper way to assess usability and security. Similarly, in requirement engineering, security and usability both considered as non-functional quality attributes which can be measured and reflected only in later stages. This lack of observance on security and usability requirements along with their interaction, generates a gap in security and usability in final software product. Moreover, in software system, usability and security has an inverse relationship and there will be a point where security or usability cannot be optimized when the other factor (security/usability) reached a level which cannot be compromised anymore. Our literature review indicates that further research is required to avoid conflicts in optimizing usability and security at the early stage of software development life cycle considering user’s requirements.