Woori Roh  Seok-Won Lee

10.5626/JOK.2018.45.11.1142

Security Usability conflicts Ontology Knowledge Base requirements engineering

Considering the trade-offs or conflicts between security and usability during the requirements engineering (RE) process is a complicated task. This is due to the contrary characteristics of security and usability as well as a lack of research on finding a consensus on the semantics of quality attributes, especially for security and usability. Furthermore, the number of security experts available is decreasing, while a methodology to determine the conflicts between security and usability during the RE process has not yet been developed. We, therefore, propose a novel approach to construct a three-layer ontological knowledge base by linking the keywords from definitions, criteria, and metrics of security and usability. In addition, we discuss the applicability of this knowledge base by examining two case studies with software engineering (SE) students. These case studies show that the participants using the proposed approach (Team A) can derive conflicts that are more precise compared to the participants who did not use the knowledge base (Team B). Moreover, the number of conflicts derived by Team A is half that by Team B. Regardless of the knowledge level, the proposed approach can determine the conflicts between security and usability during the RE process. Also, while practical RE studies have often been considered difficult to handle, the proposed approach can show the applicability of RE research.