Shamal Faily
Towards tool-support for usable secure requirements engineering with CAIRIS.
Faily, Shamal; Fléchais, Ivan
Authors
Ivan Fléchais
Abstract
Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering. However, there is a lack of tool-support for specifying and managing the voluminous amounts of data the associated analysis yields. Without these tools, the subjectivity of analysis may increase as design activities progress. This paper describes CAIRIS (Computer Aided Integration of Requirements and Information Security), a step toward tool-support for usable secure requirements engineering. CAIRIS not only manages the elements associated with task, requirements, and risk analysis, it also supports subsequent analysis using novel approaches for analysing and visualising security and usability. The authors illustrate an application of CAIRIS by describing how it was used to support requirements analysis in a critical infrastructure case study.
Citation
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104
Journal Article Type | Article |
---|---|
Acceptance Date | Jul 1, 2010 |
Online Publication Date | Jul 1, 2010 |
Publication Date | Jul 1, 2010 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Dec 15, 2021 |
Journal | International journal of secure software engineering |
Print ISSN | 1947-3036 |
Electronic ISSN | 1947-3044 |
Publisher | IGI Global |
Peer Reviewed | Peer Reviewed |
Volume | 1 |
Issue | 3 |
Pages | 56-70 |
DOI | https://doi.org/10.4018/jsse.2010070104 |
Keywords | Requirements engineering; Systems security; Security risk analysis; User-centred design; Human-computer interaction; User personas; Computer-aided integration of requirements and information security (CAIRIS) |
Public URL | https://rgu-repository.worktribe.com/output/1427845 |
Files
FAILY 2010 Towards tool-support for usable secure
(2.2 Mb)
PDF
Copyright Statement
© IGI Global