Shamal Faily
Design as code: facilitating collaboration between usability and security engineers using CAIRIS.
Faily, Shamal; Iacob, Claudia
Authors
Claudia Iacob
Abstract
Designing usable and secure software is hard without tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range of security and usability engineering activities, its architecture needs to evolve to meet the workflows of these stakeholders. To this end, this paper illustrates how CAIRIS and its models act as a vehicle for collaboration between usability and security engineers. We describe how the modified architecture of CAIRIS facilitates this collaboration, and illustrate the tool using three usage scenarios.
Citation
FAILY, S. and IACOB, C. 2017. Design as code: facilitating collaboration between usability and security engineers using CAIRIS. In Proceedings of the 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017), 4-8 September 2017, Lisbon, Portugal. Los Alamitos: IEEE Computer Society [online], pages 76-82. Available from: https://doi.org/10.1109/REW.2017.23
| Conference Name | 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017) |
|---|---|
| Conference Location | Lisbon, Portugal |
| Start Date | Sep 4, 2017 |
| End Date | Sep 8, 2017 |
| Acceptance Date | Jul 7, 2017 |
| Online Publication Date | Oct 2, 2017 |
| Publication Date | Dec 31, 2017 |
| Deposit Date | Oct 11, 2021 |
| Publicly Available Date | Dec 3, 2021 |
| Publisher | IEEE Computer Society |
| Pages | 76-82 |
| ISBN | 9781538634899 |
| DOI | https://doi.org/10.1109/REW.2017.23 |
| Keywords | Computer-aided integration of requirements and information security (CAIRIS); Software as a service (SaaS); Systems security; Personas; Threat modeling; KAOS goal and obstacle models; Security risk analysis |
| Public URL | https://rgu-repository.worktribe.com/output/1437903 |
Files
FAILY 2017 Design as code
(1 Mb)
PDF
Copyright Statement
© IEEE
You might also like
Programming language evaluation criteria for safety-critical software in the air domain.
(2022)
Conference Proceeding
Privacy goals for the data lifecycle.
(2022)
Journal Article
Automation and cyber security risks on the railways: the human factors implications.
(2022)
Presentation / Conference
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Integrated design framework for facilitating systems-theoretic process analysis.
(2022)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search