132 research outputs found

    Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases

    Despite the large body of i* research, there has been comparatively little work on how goal-modelling techniques can help identify usability concerns. Recent work has considered how goal models might better integrate with User-Centered Design. This paper takes an alternative perspective by examining how work in User-Centered Design, specifically Persona Cases, can be re-framed as goal models. We briefly describe an approach for doing this, and present some preliminary results from applying this approach using the Goal-oriented Requirements Language and existing tool support

    Designing usable and secure software with IRIS and CAIRIS.

    Everyone expects the products and services they use to be secure, but 'building security in' at the earliest stages of a system's design also means designing for use as well. Software that is unusable to end-users and unwieldy to developers and administrators may be insecure as errors and violations may expose exploitable vulnerabilities. This book shows how practitioners and researchers can build both security and usability into the design of systems. It introduces the IRIS framework and the open source CAIRIS platform that can guide the specification of secure and usable software. It also illustrates how IRIS and CAIRIS can complement techniques from User Experience, Security Engineering and Innovation & Entrepreneurship in ways that allow security to be addressed at different stages of the software lifecycle without disruption. Real-world examples are provided of the techniques and processes illustrated in this book, making this text a resource for practitioners, researchers, educators, and students

    Improving secure systems design with security culture.

    This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and the use of goal, requirement and task analysis

    Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism

    Designing security for grassroot movements raises several challenges not particular to the organisations that conventional approaches to security design cater for. Drawing on analogies between Social Entrepreneurship and Grassroot Activism, adopting an entrepreneurial approach to security design may lead to security design decisions which are both in-tune with a grassroot movement’s aims and cost effective. This position paper considers the applicability of Security Entrepreneurship for security design in grassroot movements. Using a SWOT analysis, we discuss the strengths and weaknesses of this approach, before considering external threats and opportunities arising from its prolonged adoption

    To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design.

    When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augmenting the process of security design with the paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. We propose three initial Security Entrepreneurship techniques as examples of this paradigm, describe how their underlying models align with secure systems design, and help predict the social and technical impact of possible design decisions. We also pose a number of thought experiments, and suggest possible research agendas for Security Entrepreneurship

    Ethical hacking assessment as a vehicle for undergraduate cyber-security education.

    The need for cyber security professionals in the UK is growing, motivating the need to introduce cybersecurity at an earlier stage of an undergraduate's education. However, despite on-going interest in cybersecurity pedagogy, there has been comparatively little work exploring the role of assessment in educating future cybersecurity practitioners. This paper presents a case study on the re-design and critical evaluation of an undergraduate ethical hacking coursework assignment. The study describes how recent work in ethical hacking pedagogy informed an assignment re-design, and the revised assignment was critically analysed based on constructive alignment, student engagement, and plagiarism

    Analysing chindōgu: applying defamiliarisation to security design.

    Envisaging how secure systems might be attacked is difficult without adequate attacker models or relying on stereotypes. Defamiliarisation removes this need for a priori domain knowledge and encourages designers to think critically about system properties otherwise considered innocuous. However, questions remain about how such an approach might fit into the larger design process. This paper illustrates how security requirements were elicited by building a security chindōgu, and using defamiliarisation to help analyse it. We summarise this technique before briefly describing its use in a real-world setting

    Does object-oriented domain analysis work?

    The Rational Unified Process (RUP), the Rapid Object-Oriented Process for Embedded Systems (ROPES) and other OO approaches propose Use Case driven analysis as a mechanism for capturing requirements and deriving object models. B. Douglass' Real Time UML describes how "later analysis decomposes the system into [...] objects". Beyond discussion of a number of common object identification strategies, such as noun-phrase underlining and key concept identification, only lip-service is paid to what has been described as the Fundamental Difficulty (FD) of Object Oriented Domain Analysis (OODA). The Fundamental Difficulty was defined by Svetinovic et al. (at RE'05 in Paris) as the difficulty of identifying system domain concepts as Objects (which some might think pretty central to the OODA enterprise). A study of undergraduate projects, documented by Svetinovic using these techniques, found that object models of the same system often differed drastically in terms of concepts identified, while software concepts were often specified at inconsistent abstraction levels. These observations raise the concern that OODA may be incorrectly applied by many practitioners. Microsoft's Steve McConnell argues that most practitioners neither have the benefit of a Software Engineering education, nor do they have ready access to evaluations of the myriad of available tools and techniques

    Security and usability: searching for the philosopher's stone.

    This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals and their ability, rather than principles and engineering. However, the wide variety of different skills necessary to design secure and usable systems is unlikely to be mastered by many individuals, requiring an unlikely combination of insight and education. Psychology, economics and cryptography have very little in common, and yet all have a role to play in the field of usable security. To address these concerns, three proposals are presented here: to adopt a principled design framework for usable security and privacy, to support a research environment where skills and knowledge can be pooled and shared, and to guide and inform the principles that underpin the educational curriculum of future security engineers and researchers

    Engaging stakeholders in security design: an assumption-driven approach.

    System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal