Finding and Resolving Security Misusability with Misusability Cases

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

A goal-oriented requirements modelling language for enterprise architecture

Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for enterprise architecture focus on the products, services, processes and applications of an enterprise. In addition, techniques may be provided to describe structured requirements lists and use cases. Little support is available however for modelling the underlying motivation of enterprise architectures in terms of stakeholder concerns and the high-level goals that address these concerns. This paper describes a language that supports the modelling of this motivation. The definition of the language is based on existing work on high-level goal and requirements modelling and is aligned with an existing standard for enterprise modelling: the ArchiMate language. Furthermore, the paper illustrates how enterprise architecture can benefit from analysis techniques in the requirements domain

Software Engineering Challenges for Investigating Cyber-Physical Incidents

Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and testing flawed hypotheses explaining the incidents. The software engineering research community can contribute to addressing this problem, by deploying existing formalisms to model digital and physical spaces, and using analysis techniques to reason about their interplay and evolution. In this paper, supported by a motivating example, we describe some emerging software engineering challenges to support investigations of cyber-physical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay

Adaptive development and maintenance of user-centric software systems

A software system cannot be developed without considering the various facets of its environment. Stakeholders – including the users that play a central role – have their needs, expectations, and perceptions of a system. Organisational and technical aspects of the environment are constantly changing. The ability to adapt a software system and its requirements to its environment throughout its full lifecycle is of paramount importance in a constantly changing environment. The continuous involvement of users is as important as the constant evaluation of the system and the observation of evolving environments. We present a methodology for adaptive software systems development and maintenance. We draw upon a diverse range of accepted methods including participatory design, software architecture, and evolutionary design. Our focus is on user-centred software systems

A formal verification framework and associated tools for enterprise modeling : application to UEML

The aim of this paper is to propose and apply a verification and validation approach to Enterprise Modeling that enables the user to improve the relevance and correctness, the suitability and coherence of a model by using properties specification and formal proof of properties