Shamal Faily
Identifying implicit vulnerabilities through personas as goal models.
Faily, Shamal; Iacob, Claudia; Ali, Raian; Ki-Aries, Duncan
Authors
Claudia Iacob
Raian Ali
Duncan Ki-Aries
Contributors
Sokratis Katsikas
Editor
Frédéric Cuppens
Editor
Nora Cuppens
Editor
Costas Lambrinoudakis
Editor
Christos Kalloniatis
Editor
John Mylopoulos
Editor
Annie Antón
Editor
Stefanos Gritzalis
Editor
Weizhi Meng
Editor
Steven Furnell
Editor
Abstract
When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.
Citation
FAILY, S., IACOB, C., ALI, R. and KI-ARIES, D. 2020. Identifying implicit vulnerabilities through personas as goal models. In Katsikas, S., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Kalloniatis, C., Mylopoulos, J., Antón, A., Gritzalis, S., Meng, W. and Furnell, S. (eds.) Computer security: ESORICS 2020 international workshops, CyberICPS, SECPRE, and ADIoT: revised selected papers from the 4th International workshop on security and privacy requirements engineering (SECPRE 2020), co-located with the 25th European symposium on research in computer security (ESORICS 2020), 14-18 September 2020, Guildford, UK. Lecture notes in computer science, 12501. Cham: Springer [online], pages 185-202. Available from: https://doi.org/10.1007/978-3-030-64330-0_12
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 4th International workshop on security and privacy requirements engineering (SECPRE 2020), co-located with the 25th European symposium on research in computer security (ESORICS 2020) |
Start Date | Sep 14, 2020 |
End Date | Sep 18, 2020 |
Acceptance Date | Aug 6, 2020 |
Online Publication Date | Dec 17, 2020 |
Publication Date | Dec 31, 2020 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Nov 23, 2021 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Pages | 185-202 |
Series Title | Lecture notes in computer science (LNCS) |
Series Number | 12501 |
Series ISSN | 0302-9743 ; 1611-3349 |
Book Title | Computer security: ESORICS 2020 international workshops, CyberICPS, SECPRE, and ADIoT: revised selected papers |
ISBN | 9783030643294 |
DOI | https://doi.org/10.1007/978-3-030-64330-0_12 |
Keywords | User personas; User behaviour; User-centred design; Systems security; Security risk analysis |
Public URL | https://rgu-repository.worktribe.com/output/1364605 |
Files
FAILY 2020 Identifying implicit vulnerabilities
(1.2 Mb)
PDF