Shamal Faily
Design as code: facilitating collaboration between usability and security engineers using CAIRIS.
Faily, Shamal; Iacob, Claudia
Authors
Claudia Iacob
Abstract
Designing usable and secure software is hard without tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range of security and usability engineering activities, its architecture needs to evolve to meet the workflows of these stakeholders. To this end, this paper illustrates how CAIRIS and its models act as a vehicle for collaboration between usability and security engineers. We describe how the modified architecture of CAIRIS facilitates this collaboration, and illustrate the tool using three usage scenarios.
Citation
FAILY, S. and IACOB, C. 2017. Design as code: facilitating collaboration between usability and security engineers using CAIRIS. In Proceedings of the 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017), 4-8 September 2017, Lisbon, Portugal. Los Alamitos: IEEE Computer Society [online], pages 76-82. Available from: https://doi.org/10.1109/REW.2017.23
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017) |
Start Date | Sep 4, 2017 |
End Date | Sep 8, 2017 |
Acceptance Date | Jul 7, 2017 |
Online Publication Date | Oct 2, 2017 |
Publication Date | Dec 31, 2017 |
Deposit Date | Oct 11, 2021 |
Publicly Available Date | Dec 3, 2021 |
Publisher | IEEE Computer Society |
Peer Reviewed | Peer Reviewed |
Pages | 76-82 |
ISBN | 9781538634899 |
DOI | https://doi.org/10.1109/REW.2017.23 |
Keywords | Computer-aided integration of requirements and information security (CAIRIS); Software as a service (SaaS); Systems security; Personas; Threat modeling; KAOS goal and obstacle models; Security risk analysis |
Public URL | https://rgu-repository.worktribe.com/output/1437903 |
Files
FAILY 2017 Design as code
(1 Mb)
PDF
Copyright Statement
© IEEE