Shamal Faily
Towards tool-support for usable secure requirements engineering with CAIRIS.
Faily, Shamal; Fléchais, Ivan
Authors
Ivan Fléchais
Abstract
Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering; however, there is a lack of tool-support for specifying and managing the voluminous amounts of data the associated analysis yields. Without these tools, the subjectivity of analysis may increase as design activities progress. This paper describes CAIRIS (Computer Aided Integration of Requirements and Information Security), a step toward tool-support for usable secure requirements engineering. CAIRIS not only manages the elements associated with task, requirements, and risk analysis, it also supports subsequent analysis using novel approaches for analysing and visualising security and usability. The authors illustrate an application of CAIRIS by describing how it was used to support requirements analysis in a critical infrastructure case study.
Citation
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104
Journal Article Type | Article |
---|---|
Acceptance Date | Jul 1, 2010 |
Online Publication Date | Jul 1, 2010 |
Publication Date | Jul 1, 2010 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Dec 15, 2021 |
Journal | International journal of secure software engineering |
Print ISSN | 1947-3036 |
Electronic ISSN | 1947-3044 |
Publisher | IGI Global |
Peer Reviewed | Peer Reviewed |
Volume | 1 |
Issue | 3 |
Pages | 56-70 |
DOI | https://doi.org/10.4018/jsse.2010070104 |
Keywords | Requirements engineering; Systems security; Security risk analysis; User-centred design; Human-computer interaction; User personas; Computer-aided integration of requirements and information security (CAIRIS) |
Public URL | https://rgu-repository.worktribe.com/output/1427845 |
Files
FAILY 2010 Towards tool-support for usable secure
(2.2 Mb)
PDF
Copyright Statement
© IGI Global