693 research outputs found

    Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models

    Developers and users rely on trust to simplify complexity when building and using software. Unfortunately, the invisibility of trust and the richness of a system’s context of use means that factors influencing trust are difficult to see, and assessing its implications before a system is built is complex and time-consuming. This paper presents an approach for eliciting and visualising differences between trust expectations using persona cases, goal models, and complementary tool support. We evaluate our approach by using it to identify misplaced trust expectations in a software infrastructure by its users and application developers

    Finding and Resolving Security Misusability with Misusability Cases

    Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

    Assessing Security Risk and Requirements for Systems of Systems

    A System of Systems (SoS) is a term used to describe independent systems converging for a purpose that could only be carried out through this interdependent collaboration. Many examples of SoSs exist, but the term has become a source of confusion across domains. Moreover, there are few illustrative SoS examples demonstrating their initial classification and structure. While there are many approaches for engineering of systems, fewer exist for SoS engineering. More specifically, there is a research gap towards approaches addressing SoS security risk assessment for engineering and operational needs, with a need for tool-support to assist modelling and visualising security risk and requirements in an interconnected SoS. From this, security requirements can provide a systematic means to identify constraints and related risks of the SoS, mitigated by human-user and system requirements. This work investigates specific challenges and current approaches for SoS security and risk, and aims to identify the alignment of SoS factors and concepts suitable for eliciting, analysing, validating risks with use of a tool-support for assessing security risk in the SoS context

    Identifying Implicit Vulnerabilities through Personas as Goal Models

    When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified

    A persona-based modelling for contextual requirements

    [Context & Motivation] Personas are a technique used to guide developing products accommodating people diversity. They are archetypes reflecting common combinations of users’ characteristics, needs and goals. Persons can add a human-centred facet to requirements engineering practice which is often revolving around the concept of business roles. [Question/Problem] Goal modelling is an example of mainstream requirements engineering approach driven by business roles and their responsibilities and needs represented as goals. Personnel in the system are expected to act according to this prescriptive specification. Personnel diversity is often seen as a customization and design issue. [Principal idea/Results]. In this paper we propose to consider such diversity as a conditional context in requirements modelling and, as an approach, augment Contextual Goal Model (CGM) with personas as a new contextual dimension. Additionally, we propose an algorithm to analyse the achievability of CGM goals in the presence of the personas contexts variation. We evaluate our approach using a Mobile Personal Emergency Response System (MPERS) implemented as a prototype. [Contribution] Our persona-based modelling approach paves the way to augment requirements with a consideration of people diversity and enrich the business perspective with a more user-centred design facet

    Assessing system of systems information security risk with OASoSIS.

    The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicate a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work

    Visualising Personas as Goal Models to Find Security Tensions

    This paper presents a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. We devised an approach for partially automating the construction of social goal models from personas. We provide two examples of how this approach can be used to identify previously hidden implicit vulnerabilities, and validate ethical hazards faced by penetration testers and safeguards that address them. Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. Our approach can be adopted with minimal changes to existing User Experience (UX) and goal modelling approaches and Security Requirements Engineering tools

    From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems

    Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing risk assessment approaches: Human System Integration (HSI), Interoperability identification and analysis, and Emergent behaviour evaluation and control measures. We demonstrate the application of these components by assessing a pervasive SoS: a SmartPowerchair

    Persona-Centred Information Security Awareness

    Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness

    Security risk assessment in systems of systems.

    A System of Systems (SoS) is a set of independent systems that interoperate to achieve capabilities that none of the separate systems can achieve independently. The component systems may be independently operated or managed, and this may cause control problems. An area of particular concern is managing security of the large complex system that is the SoS, because development and operation of component systems may be done independently. Security vulnerabilities may arise at the SoS level that are not present or cannot be determined at the component system level. Security design and management processes typically operate only at component system level. Within this thesis, the problem of security risk assessment at the SoS level is examined by identifying factors specific to SoSs, formulating a framework through which it can be managed, and creating a process with visualisation to support risk managers and security experts in making assessment of security risks for a SoS. Humans must be considered as part of the SoS and feature in risks associated with security. A broadly qualitative methodology has been adopted using interviews, case studies, and a scenario method in which prototype framework elements were tested. Two SoS examples, including the Afghan Mission Network (AMN) as a SoS, and a SmartPowerchair SoS were used to identify, combine, and apply relevant elements in a SoS context towards addressing the research problem. For the AMN, this included interviews and focus groups with stakeholders experienced in NATO security, risk, and network-based roles. Whereas, the SmartPowerchair SoS was based on interviews and on-going communication with a single stakeholder representative as the owner and user of the SoS. Based on the findings, OASoSIS has been developed as a framework combining the use of OCTAVE Allegro and CAIRIS to model and assess Information Security risk in the SoS context. The process for applying OASoSIS is detailed within the thesis. 
The first contribution of OASoSIS introduces a SoS characterisation process to support a SoS security risk assessment. The second contribution modifies a version of the OCTAVE Allegro Information Security risk assessment process to align with the SoS context. Risk data captured during a first-stage assessment then provides input for a third contribution that integrates concepts, models, and techniques with tool-support from CAIRIS to model the SoS information security risks. Two case studies relating to a Military Medical Evacuation SoS and a Canadian Emergency Response SoS were used to apply and validate the contributions. These were validated through input from expert Military Medical stakeholders experienced in NATO operations, and key Emergency Response SoS stakeholders with further input from an expert Emergency Management stakeholder. To further strengthen the validity of the end-to-end application of OASoSIS in future work, it would benefit from being implemented within the SoS design process for other SoS scenarios