A Trade-Off Model of Software Requirements for Balancing Between Security and Usability Issues

The growing dependence on technology drives a pronounced need to develop secure systems that are easy for their users to use. Security and usability have been widely recognized as two non-functional requirements. Different researchers have argued that handling these requirements separately is a challenge that negatively affects the development of usable systems. Security experts most often endeavor to identify and specify the security requirements needed to resist the potential harms, attacks, and risks that may face the overall system, without paying any attention to the resulting issues and difficulties that end users may face when they handle such systems. Over the last two decades, several researchers have introduced different methodologies to facilitate the development of usable security systems. Despite that, research in this area still requires more effort in order to reach a good trade-off between security and usability requirements. For this purpose, this paper aims to analyze the relation between security and usability requirements in order to design a trade-off model that assists in integrating the experience of both security and usability experts at the requirements stage, so as to reach a good compromise between the security and usability requirements.
