Shamal Faily
Visualising personas as goal models to find security tensions.
Faily, Shamal; Iacob, Claudia; Ali, Raian; Ki-Aries, Duncan
Authors
Claudia Iacob
Raian Ali
Duncan Ki-Aries
Abstract
This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards. Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied, and easier for designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain. The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.
Citation
FAILY, S., IACOB, C., ALI, R. and KI-ARIES, D. 2021. Visualising personas as goal models to find security tensions. Information and computer security [online], 29(5), pages 787-815. Available from: https://doi.org/10.1108/ICS-03-2021-0035
Field | Value |
---|---|
Journal Article Type | Article |
Acceptance Date | Mar 26, 2021 |
Online Publication Date | Aug 16, 2021 |
Publication Date | Nov 12, 2021 |
Deposit Date | Sep 2, 2021 |
Publicly Available Date | Mar 29, 2024 |
Journal | Information and Computer Security |
Print ISSN | 2056-4961 |
Electronic ISSN | 2056-4961 |
Publisher | Emerald |
Peer Reviewed | Peer Reviewed |
Volume | 29 |
Issue | 5 |
Pages | 787-815 |
DOI | https://doi.org/10.1108/ICS-03-2021-0035 |
Keywords | User personas; Systems security; Security risk analysis; Human-computer interaction (HCI); Software engineering; Requirements engineering |
Public URL | https://rgu-repository.worktribe.com/output/1427715 |
Files
FAILY 2021 Visualising personas as goal models (PDF, 2.6 Mb)
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/