Skip to main content

Research Repository

Advanced Search

Identifying implicit vulnerabilities through personas as goal models.

Faily, Shamal; Iacob, Claudia; Ali, Raian; Ki-Aries, Duncan

Authors

Claudia Iacob

Raian Ali

Duncan Ki-Aries



Contributors

Sokratis Katsikas
Editor

Frédéric Cuppens
Editor

Nora Cuppens
Editor

Costas Lambrinoudakis
Editor

Christos Kalloniatis
Editor

John Mylopoulos
Editor

Annie Antón
Editor

Stefanos Gritzalis
Editor

Weizhi Meng
Editor

Steven Furnell
Editor

Abstract

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.

Citation

FAILY, S., IACOB, C., ALI, R. and KI-ARIES, D. 2020. Identifying implicit vulnerabilities through personas as goal models. In Katsikas, S., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Kalloniatis, C., Mylopoulos, J., Antón, A., Gritzalis, S., Meng, W. and Furnell, S. (eds.) Computer security: ESORICS 2020 international workshops, CyberICPS, SECPRE, and ADIoT: revised selected papers from the 4th International workshop on security and privacy requirements engineering (SECPRE 2020), co-located with the 25th European symposium on research in computer security (ESORICS 2020), 14-18 September 2020, Guildford, UK. Lecture notes in computer science, 12501. Cham: Springer [online], pages 185-202. Available from: https://doi.org/10.1007/978-3-030-64330-0_12

Conference Name 4th International workshop on security and privacy requirements engineering (SECPRE 2020), co-located with the 25th European symposium on research in computer security (ESORICS 2020)
Conference Location Guildford, UK
Start Date Sep 14, 2020
End Date Sep 18, 2020
Acceptance Date Aug 6, 2020
Online Publication Date Dec 17, 2020
Publication Date Dec 31, 2020
Deposit Date Sep 16, 2021
Publicly Available Date Nov 23, 2021
Publisher Springer
Pages 185-202
Series Title Lecture notes in computer science (LNCS)
Series Number 12501
Series ISSN 0302-9743 ; 1611-3349
Book Title Computer security: ESORICS 2020 international workshops, CyberICPS, SECPRE, and ADIoT: revised selected papers
ISBN 9783030643294
DOI https://doi.org/10.1007/978-3-030-64330-0_12
Keywords User personas; User behaviour; User-centred design; Systems security; Security risk analysis
Public URL https://rgu-repository.worktribe.com/output/1364605

Files





You might also like



Downloadable Citations