Usability and Security in User Interface Design: A Systematic Literature Review

Full Text (PDF, 388KB), PP.72-80

Views: 0 Downloads: 0


Ugochi Oluwatosin Nwokedi 1,* Beverly Amunga Onyimbo 1 Babak Bashari Rad 1

1. School of Computing and Technology Asia Pacific University of Technology & Innovation (APU), Bukit Jalil, 57000, Kuala Lumpur, Malaysia

* Corresponding author.


Received: 7 Jun. 2015 / Revised: 3 Oct. 2015 / Accepted: 11 Dec. 2015 / Published: 8 May 2016

Index Terms

Usability, Security, Authentication, User Interface Design, Usability and Security engineering, Quality Criteria


Systems carry sensitive data where users are involved. There is need for security concern for the modern software applications. We can term them as 'untrusted clients'. Internet usage has rapidly grown over the years and, more users are opening their information system to their clientele, it is essential to understand users' data that need protecting and to control system access as well and the rights of users of the system. Because of today's increasingly nomadic lifestyle, where they allow users to connect to information systems from anywhere with all the devices in the market, the users need to carry part of the information system out of the secure infrastructure. Insecurity in user interfaces is caused by user ignoring functionalities in the system where some are not only a threat but can harm the system e.g. leaving network services active even though the user does not need them, or when a user is having little or no information of the available security measures. This research paper aims critically address through a review of existing literature, the importance of balance or trade-off between usability and the security of the system. Systematic review method involved a physical exploration of some conference proceedings and journals to conduct the literature review. Research questions relating to usability and security were asked and the criteria for usability and security evaluations were identified. This systematic literature review is valuable in closing the gap between usability and security in software development process, where usability and security engineering needs to be considered for a better quality end-user software.

Cite This Paper

Ugochi Oluwatosin Nwokedi, Beverly Amunga Onyimbo, Babak Bashari Rad, "Usability and Security in User Interface Design: A Systematic Literature Review", International Journal of Information Technology and Computer Science(IJITCS), Vol.8, No.5, pp.72-80, 2016. DOI:10.5815/ijitcs.2016.05.08


[1]R. W. Reeder, C.-M. Karat, J. Karat, and C. Brodie, Usability challenges in security and privacy policy-authoring interfaces, in Human-Computer Interaction–INTERACT 2007. 2007, Springer. p. 141-155. doi:10.1007/978-3-540-74800-7_11

[2]T. Fischer, A.-R. Sadeghi, and M. Winandy, "A pattern for secure graphical user interface systems," vol. pp. 186-190, 2009. doi:10.1109/DEXA.2009.76

[3]S. Möller, N. Ben-Asher, K.-P. Engelbrecht, R. Englert, and J. Meyer, "Modeling the behavior of users who are confronted with security mechanisms," Computers & Security,  vol. 30, pp. 242-256, 2011. doi:

[4]L. F. Cranor and N. Buchler, "Better together: Usability and security go hand in hand," IEEE Security & Privacy, pp. 89-93, 2014. 

[5]Y. Fujihara, H. Oikawa, and Y. Murayama, "Towards an interface causing discomfort for security: A user survey on the factors of discomfort," vol. pp. 173-174, 2008. doi: 10.1109/SSIRI.2008.44

[6]S. Faily and I. Fléchais, "Finding and resolving security misusability with misusability cases," Requirements Engineering, pp. 1-15, 2014. doi:10.1007/s00766-014-0217-8

[7]C. S. Weir, G. Douglas, M. Carruthers, and M. Jack, "User perceptions of security, convenience and usability for ebanking authentication tokens," Computers & Security,  vol. 28, pp. 47-62, 2009. doi: 10.1016/j.cose.2008.09.008

[8]L. B. Ammar, A. Trabelsi, and A. Mahfoudhi, "A model-driven approach for usability engineering of interactive systems," Software Quality Journal, pp. 1-35. doi: 10.1007/s11219-014-9266-y

[9]C. Rudolph and A. Fuchs, "Redefining Security Engineering," vol. pp. 1-6, 2012. doi: 10.1109/NTMS.2012.6208773

[10]M. Mihajlov, B. J. Blažič, and S. Josimovski, "Quantifying Usability and Security in Authentication," vol. pp. 626-629, 2011. doi: 10.1109/COMPSAC.2011.87

[11]C. Möckel, "Usability and Security in EU E-Banking Systems-Towards an Integrated Evaluation Framework," vol. pp. 230-233, 2011. doi: 10.1109/SAINT.2011.42

[12]M. Bourimi, R. Tesoriero, P. G. Villanueva, F. Karatas, and P. Schwarte, "Privacy and security in multi-modal user interface modeling for social media," vol. pp. 1364-1371, 2011. doi: 10.1109/PASSAT/SocialCom.2011.49

[13]M. Minami, K. Suzaki, and T. Okumura, "Security considered harmful a case study of tradeoff between security and usability," vol. pp. 523-524, 2011. doi: 10.1109/CCNC.2011.5766529

[14]N. Gunson, D. Marshall, H. Morton, and M. Jack, "User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking," Computers & Security,  vol. 30, pp. 208-220, 2011. doi: 10.1016/j.cose.2010.12.001

[15]M. Mihajlov, B. Jerman-Blazic, and S. Josimovski, "A conceptual framework for evaluating usable security in authentication mechanisms-usability perspectives,"  pp. 332-336, 2011. doi: 10.1109/ICNSS.2011.6060025

[16]S. Chiasson, A. Forget, R. Biddle, and P. C. Van Oorschot, "User interface design affects security: Patterns in click-based graphical passwords," International Journal of Information Security,  vol. 8, pp. 387-398, 2009. doi: 10.1007/s10207-009-0080-7

[17]B. A. Kitchenham and S. Charters, Guidelines for performing systematic literature reviews in software engineering, in Technical report, Ver. 2.3 EBSE Technical Report. EBSE. 2007, School of Computer Science and Mathematics, Keele University. 

[18]L. García-Borgoñon, M. Barcelona, J. García-García, M. Alba, and M. J. Escalona, "Software process modeling languages: A systematic literature review," Information and Software Technology,  vol. 56, pp. 103-116, 2014. 

[19]S. Furnell, "Usability versus complexity–striking the balance in end-user security," Network Security,  vol. 2010, pp. 13-17, 2010. doi: 10.1007/0-387-33406-8_26

[20]P. Savolainen, J. J. Ahonen, and I. Richardson, "Software development project success and failure from the supplier's perspective: A systematic literature review," International Journal of Project Management,  vol. 30, pp. 458-469, 2012. doi: 10.1016/j.ijproman.2011.07.002

[21]T. Ibrahim, S. Furnell, M. Papadaki, and N. L. Clarke, "Assessing the Usability of End-User Security Software," vol. pp. 177-189, 2010. doi: 10.1007/978-3-642-15152-1_16

[22]M. Yoshimoto, T. Katoh, B. B. Bista, and T. Takata, Development and evaluation of new user interface for security scanner with usability in human interface study, in Network-Based Information Systems. 2007, Springer. p. 127-136. doi: 10.1007/978-3-540-74573-0_14

[23]D. Reed and A. Monk, "Inclusive design: beyond capabilities towards context of use," Universal Access in the Information Society,  vol. 10, pp. 295-305, 2011. doi: 10.1007/s10209-010-0206-8

[24]A. Mieczakowski, P. Langdon, and P. J. Clarkson, "Investigating designers’ and users’ cognitive representations of products to assist inclusive interaction design," Universal access in the information society,  vol. 12, pp. 279-296, 2013. doi: 10.1007/s10209-012-0278-8

[25]B. Akhgar, A. Staniforth, and F. Bosco, Cyber Crime and Cyber Terrorism Investigator's Handbook. Syngress, 2014.

[26]R. Dhamija and L. Dusseault, "The seven flaws of identity management: Usability and security challenges," Security & Privacy, IEEE, vol. 6, pp. 24-29, 2008. doi: 10.1109/MSP.2008.49

[27]P. N. Son and H. Y. Kong, "An Integration of Source and Jammer for a Decode-and-Forward Two-way Scheme Under Physical Layer Security," Wireless Personal Communications,  vol. 79, pp. 1741-1764, 2014. doi: 10.1007/s11277-014-1956-z

[28]U. Habiba, R. Masood, M. A. Shibli, and M. A. Niazi, "Cloud identity management security issues & solutions: a taxonomy," Complex Adaptive Systems Modeling,  vol. 2, pp. 1-37, 2014. doi: 10.1186/s40294-014-0005-9

[29]K. Renaud, Evaluating authentication mechanisms, in Security and Usability: Designing Secure Systems That People Can Use, L. Cranor and S. Garfinkel, Editors. 2005, O'Reilly Media: Stebastopol, C.A. p. 103-128. 

[30]N. Anciaux, M. Benzine, L. Bouganim, P. Pucheral, and  D. Shasha, Revelation on demand. Distributed and Parallel Databases, vol. 25(1-2), pp. 5-28, 2009 doi: 10.1007/s11219-014-9266-y

[31]P. Mayer, M. Volkamer, and M. Kauer, Authentication Schemes - Comparison and Effective Password Spaces in Information Security, A. Prakash and R. Shyamasundar, Editors. 2014 Springer International Publishing: Hyderabad, India. p. 204-225. doi: 10.1007/978-3-319-13841-1_12

[32]H. Iqbal and M. F. Khan, "Assimilation of Usability Engineering and User-Centered Design using Agile Software Development Approach" I.J Modern Education and Computer, vol.6(10), pp. 23-28, 2014. 

[33]I. Ahmad Mir and S.M.K. Quadri, "Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework", IJCNIS, vol.4 (11), 2012 pp. 21-31 

[34]D. Heaton & J.C. Carver, Claims about the use of software engineering practices in science: A systematic literature review, Information and Software Technology, vol. 67, pp. 207-219, 2015