Usable and Secure Software Design: The State-of-the-Art

  • Shamal Faily
Chapter

Abstract

This chapter reviews the current state-of-the-art in the design of usable and secure systems. It should not be considered a state-of-the-art review of usability and security in general, or of HCI-Security (HCI-Sec) in particular; for readers interested in such a review, I would recommend [1]. I begin by identifying several common themes in the design of effective information security, and review work by the HCI-Sec community towards designing usable security. Based on limitations in this existing work, I take a step back and review the prevalent HCI concepts available for designing usable and secure systems, including research on integrating these ideas with Software Engineering, and the potential consequences of these approaches for security. Because the concept of a Requirement is shared by both the security and usability communities, I review how existing work in Security Requirements Engineering might be cogent to the design of usability. In particular, I review several dominant Requirements Engineering approaches, and consider issues which may arise when viewing them from a usability perspective. I also introduce the concept of a framework and illustrate how existing Requirements Engineering frameworks deal with eliciting security and usability concerns. I conclude this chapter with a brief review of the available tool-support for facilitating Usability and Security Requirements Engineering activities.

References

  1. Garfinkel S, Lipford HR. Usable security: history, themes, and challenges. Synth Lect Inf Secur Priv Trust. 2014;5(2):1–124.
  2. ISO. ISO/IEC 27002: Information Technology – Security Techniques – Code of Practice for Information Security Management. ISO/IEC; 2007.
  3. Gollmann D. Computer security. 2nd ed. John Wiley & Sons; 2006.
  4. ISO. ISO/IEC 27001: Information Technology – Security Techniques – Requirements. ISO/IEC; 2005.
  5. Beynon-Davies P. Information systems: an introduction to informatics in organisations. Palgrave; 2002.
  6. Liebenau J, Backhouse J. Understanding information: an introduction. Macmillan; 1990.
  7. Royal Society of London. Risk Assessment: A Study Group Report. Royal Society; 1983.
  8. Schneier B. Beyond fear: thinking sensibly about security in an uncertain world. New York: Springer; 2003.
  9. Swiderski F, Snyder W. Threat modeling. Microsoft Press; 2004.
  10. Shostack A. Threat modeling: designing for security. John Wiley & Sons; 2014.
  11. Rescorla E, Korver B. Guidelines for Writing RFC Text on Security Considerations. Internet Architecture Board; 2003. 3552. https://tools.ietf.org/html/rfc3552.
  12. Backhouse J, Dhillon G. Structures of responsibility and security of information systems. Eur J Inf Syst. 1996;5(1):2–9.
  13. Blyth A. Using stakeholders, domain knowledge, and responsibilities to specify information systems’ requirements. J Organ Comput Electron Commer. 1999;9(4):287–96.
  14. Strens R, Dobson J. How responsibility modelling leads to security requirements. In: Proceedings of the 1992–1993 New Security Paradigms Workshop. ACM; 1993. p. 143–9.
  15. Barman S. Writing information security policies. New Riders; 2002.
  16. Helokunnas T, Kuusisto R. Information security culture in a value net. In: Proceedings of the 2003 engineering management conference. IEEE Computer Society; 2003. p. 190–4.
  17. da Veiga A, Eloff JHP. An information security governance framework. Inf Syst Manag. 2007;24(4):361–72.
  18. Thomson KL, von Solms R. Information security obedience: a definition. Comput Secur. 2005;24(1):69–75.
  19. Thomson KL, von Solms R, Louw L. Cultivating an organizational information security culture. Comput Fraud Secur. 2006;2006(10):7–11.
  20. Faily S, Fléchais I. Designing and aligning e-Science security culture with design. Inf Manag Comput Secur. 2010;18(5):339–49.
  21. James HL. Managing information systems security: a soft approach. In: Proceedings of the information systems conference of new zealand. IEEE Computer Society; 1996. p. 10–20.
  22. Checkland P, Scholes J. Soft systems methodology in action. John Wiley & Sons; 1990.
  23. Schneier B. Secrets and lies: digital security in a networked world. John Wiley & Sons; 2000.
  24. Brostoff S, Sasse MA. Safe and sound: a safety-critical approach to security. In: Proceedings of the 2001 New Security Paradigms Workshop. ACM; 2001. p. 41–50.
  25. Saltzer JH, Schroeder MD. The protection of information in computer systems. Proc IEEE. 1975;63(9):1278–308.
  26. Adams A, Sasse MA. Users are not the enemy. Commun ACM. 1999;42:41–6.
  27. Whitten A, Tygar D. Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: Proceedings of the 8th USENIX security symposium. USENIX Association; 1999. p. 169–84.
  28. Yee KP. Guidelines and strategies for secure interaction design. In: Cranor LF, Garfinkel S, editors. Security and usability: designing secure systems that people can use. O’Reilly Media; 2005. p. 247–73.
  29. Garfinkel SL. Design principles and patterns for computer systems that are simultaneously secure and usable. Cambridge; 2005.
  30. Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Addison-Wesley; 1995.
  31. Sasse MA, Brostoff S, Weirich D. Transforming the weakest link - a human/computer interaction approach to usable and effective security. BT Technol J. 2001;19(3):122–31.
  32. Zurko ME, Simon RT. User-centered security. In: Proceedings of the 1996 new security paradigms workshop. ACM; 1996. p. 27–33.
  33. Birge C. Enhancing research into usable privacy and security. In: Proceedings of the 27th ACM international conference on design of communication. ACM; 2009. p. 221–6.
  34. tom Markotten DG. User-centered security engineering. In: Proceedings of the 4th Europen/USENIX conference. 2002 Unpublished workshop proceedings.
  35. Nielsen J, Mack RL. Usability inspection methods. John Wiley & Sons; 1994.
  36. Jendricke U, tom Markotten DG. Usability meets security - the identity-manager as your personal security assistant for the internet. In: Proceedings of the 16th annual computer security applications conference. IEEE Computer Society; 2000. p. 344–53.
  37. Fléchais I, Mascolo C, Sasse MA. Integrating security and usability into the requirements and design process. Int J Electron Secur Digit Forensics. 2007;1(1):12–26.
  38. Zurko ME. User-centered security: stepping up to the grand challenge. In: Proceedings of the 21st annual computer security applications conference. IEEE Computer Society; 2005. p. 14–27.
  39. Rumbaugh J, Jacobson I, Booch G. The unified modeling language reference manual. 2nd ed. Addison-Wesley; 2005.
  40. Star SL, Griesemer JR. Institutional ecology, translations and boundary objects: amateurs and professionals in berkeley’s museum of vertebrate zoology, 1907–39. Social Stud Sci. 1989;19(3):387–420.
  41. Irestig M, Eriksson H, Timpka T. The impact of participation in information system design: a comparison of contextual placements. In: Proceedings of the 8th conference on participatory design. ACM; 2004. p. 102–11.
  42. Holtzblatt K, Jones S. Contextual Inquiry: a participatory technique for systems design. In: Schuler D, Namioka A, editors. Participatory design: principles and practice. Lawrence Erlbaum Associates; 1993. p. 177–210.
  43. Hewett TT, Baecker R, Card S, Carey T, Gasen J, Mantei M, et al. 2. In: ACM SIGCHI curricula for human-computer interaction. ACM; 1996.
  44. Thimbleby H. Press on: principles of interaction programming. MIT Press; 2007.
  45. Coutaz J, Calvary G. HCI and software engineering: designing for user interface plasticity. In: Sears A, Jacko JA, editors. The human-computer interaction handbook: fundamentals, evolving technologies, and emerging applications. Lawrence Erlbaum Associates; 2008. p. 1107–25.
  46. Ghezzi C, Jazayeri M, Mandrioli D. Fundamentals of software engineering. 2nd ed. Prentice Hall; 2003.
  47. Lauesen S. User interface design: a software engineering perspective. Pearson Addison Wesley; 2005.
  48. ISO. ISO 9241-11. Ergonomic requirements for office work with visual display terminals (VDT)s - Part 11 Guidance on usability; 1998.
  49. Norman DA. The design of everyday things. 1st ed. Basic books; 1988.
  50. Moggridge B. Designing interactions. MIT Press; 2007.
  51. Gould JD, Lewis C. Designing for usability: key principles and what designers think. Commun ACM. 1985;28(3):300–11.
  52. ISO. ISO/IEC 13407: Human-Centered Design Processes for Interactive Systems. ISO/IEC; 1999.
  53. Noessel C, Cooper A, Reimann R, Cronin D. About face: the essentials of interaction design. 4th ed. John Wiley & Sons; 2014.
  54. Beyer H, Holtzblatt K. Contextual design: defining customer-centered systems. Morgan Kaufmann Publishers Inc.; 1998.
  55. Constantine LL, Lockwood LAD. Software for use: a practical guide to the models and methods of usage-centered design. Addison-Wesley; 1999.
  56. Holtzblatt K, Wendell JB, Wood S. Rapid contextual design: a how-to guide to key techniques for user-centered design. Elsevier; 2005.
  57. Diaper D. Understanding task analysis for human-computer interaction. In: Diaper D, Stanton NA, editors. The handbook of task analysis for human-computer interaction. Lawrence Erlbaum Associates; 2004. p. 5–47.
  58. Annett J. Hierarchical task analysis. In: Diaper D, Stanton NA, editors. The handbook of task analysis for human-computer interaction. Lawrence Erlbaum Associates; 2004. p. 67–82.
  59. Kieras D. GOMS models for task analysis. In: Diaper D, Stanton NA, editors. The handbook of task analysis for human-computer interaction. Lawrence Erlbaum Associates; 2004. p. 83–116.
  60. Go K, Carroll JM. Scenario-based task analysis. In: Diaper D, Carroll JM, editors. The handbook of task analysis for human-computer interaction. Lawrence Erlbaum Associates; 2004.
  61. Rosson MB, Carroll JM. Usability engineering: scenario-based development of human-computer. Academic Press; 2002.
  62. Nathan LP, Klasnja PV, Friedman B. Value scenarios: a technique for envisioning systemic effects of new technologies. In: CHI ’07: extended abstracts on Human factors in computing systems. ACM; 2007. p. 2585–90.
  63. Cooper A. The inmates are running the asylum: why high tech products drive us crazy and how to restore the sanity. 2nd ed. Pearson Higher Education; 1999.
  64. Pruitt J, Adlin T. The persona lifecycle: keeping people in mind throughout product design. Elsevier; 2006.
  65. Norman DA. Ad-Hoc personas and empathetic focus. In: Pruitt J, Adlin T, editors. The persona lifecycle: keeping people in mind throughout product design. Morgan Kaufmann; 2006. p. 154–7.
  66. Cockton G. Revisiting usability’s three key principles. In: CHI ’08 extended abstracts on human factors in computing systems. ACM; 2008. p. 2473–84.
  67. Moody F. I sing the body electronic: a year with microsoft on the multimedia frontier. USA: Penguin; 1996.
  68. Thimbleby H. User-centered methods are insufficient for safety critical systems. In: HCI and usability for medicine and health care, third symposium of the workgroup human-computer interaction and usability engineering of the austrian computer society. Springer: LNCS; 2007. p. 1–20.
  69. Chapman CN, Milham RP. The persona’s new clothes: methodological and practical arguments against a popular method. In: Proceedings of the human factors and ergonomics society 50th annual meeting. 2006. p. 634–6. http://cnchapman.files.wordpress.com/2007/03/chapman-milham-personas-hfes2006-0139-0330.pdf.
  70. Norman DA. Human-centered design considered harmful. Interactions. 2005;12(4):14–9.
  71. Bannon LJ. From human factors to human actors: the role of psychology and human-computer interaction studies in system design. In: Greenbaum JM, Kyng M, editors. Design at work: cooperative design of computer systems. L. Erlbaum Associates; 1991. p. 25–44.
  72. Ackerman MS. The intellectual challenge of CSCW: the gap between social requirements and technical feasibility. Human-Comput Interact. 2000;15(2):179–203.
  73. Randall D, Harper R, Rouncefield M. Fieldwork for design: theory and practice. Berlin: Springer; 2007.
  74. Matthews T, Whittaker S, Moran T, Yuen S. Collaboration personas: a new approach for designing workplace collaboration tools. In: Proceedings of the 29th international conference on human factors in computing systems. ACM; 2011. p. 2247–56.
  75. Thimbleby H, Thimbleby W. Internalist and externalist HCI. In: Proceedings of the 21st British HCI group annual conference. British Computer Society; 2007. p. 111–4.
  76. Dowell J, Long J. Towards a conception for an engineering discipline of human factors. Ergonomics. 1989;32(11):1513–35.
  77. Seffah A, Gulliksen J, Desmarais MC. An introduction to human-centered software engineering: integrating usability in the development process. In: Seffah A, Gulliksen J, Desmarais MC, editors. Human-centered software engineering: integrating usability in the software development lifecycle. Berlin: Springer; 2005. p. 3–14.
  78. Seffah A, Gulliksen J, Desmarais MC. Human-centered software engineering: integrating usability in the software development lifecycle. Berlin: Springer; 2005.
  79. Seffah A, Vanderdonckt J, Desmarais MC, editors. Human-centered software engineering: software engineering models, patterns and architectures for HCI. Berlin: Springer; 2009.
  80. Seffah A, Metzker E. The obstacles and myths of usability and software engineering. Commun ACM. 2004;47(12):71–6.
  81. Constantine LL. Activity modeling: towards a pragmatic integration of activity theory with usage-centered design. Laboratory for usage-centered software engineering; 2006.
  82. Eriksson HE, Penker M. Business modeling with UML: business patterns at work. John Wiley & Sons; 2000.
  83. Gulliksen J, Goransson B, Boivie I, Persson J, Blomkvist S, Cajander A. Key principles for user-centered systems design. In: Seffah A, Gulliksen J, Desmarais MC, editors. Human-centered software engineering: integrating usability in the software development lifecycle. Berlin: Springer; 2005. p. 17–35.
  84. Sutcliffe A. Convergence or competition between software engineering and human computer interaction. In: Seffah A, Gulliksen J, Desmarais MC, editors. Human-centered software engineering: integrating usability in the software development lifecycle. Berlin: Springer; 2005.
  85. Zave P. Classification of research efforts in requirements engineering. ACM Comput Surv. 1997;29(4):315–21.
  86. Nuseibeh B, Easterbrook S. Requirements engineering: a roadmap. In: ICSE ’00: Proceedings of the conference on the future of software engineering. ACM; 2000. p. 35–46.
  87. IEEE. IEEE Standard Glossary of Software Engineering Terminology. IEEE Std 61012-1990. 1990.
  88. Sommerville I, Sawyer P. Requirements engineering: a good practice guide. John Wiley & Sons; 1999.
  89. Alexander I, Beus-Dukic L. Discovering requirements: how to specify products and services. John Wiley & Sons; 2009.
  90. Robertson J, Robertson S. Volere requirements specification template. 14th ed.; 2009. http://www.volere.co.uk/template.htm.
  91. IBM. IBM Rational DOORS; 2010. http://www-01.ibm.com/software/awdtools/doors.
  92. Hoffmann M, Kuhn N, Weber M, Bittner M. Requirements for requirements management tools. In: Proceedings of the 12th IEEE international requirements engineering conference. IEEE Computer Society; 2004. p. 301–8.
  93. Fléchais I, Sasse MA. Stakeholder involvement, motivation, responsibility, communication: how to design usable security in e-Science. Int J Human-Comput Stud. 2009;67(4):281–96.
  94. Haukelid K. Theories of (safety) culture revisited-an anthropological approach. Saf Sci. 2008;46(3):413–26.
  95. Ruighaver T, Maynard S, Chang S. Organisational security culture: extending the end-user perspective. Comput Secur. 2007;2;26(1):56–62.
  96. Tøndel IA, Jaatun MG, Meland PH. Security requirements for the rest of us: a survey. IEEE Softw. 2008;25(1):20–7.
  97. Firesmith DG. Engineering security requirements. J Object Technol. 2003;2(1):53–68.
  98. Haley CB, Laney R, Moffett JD, Nuseibeh B. Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng. 2008;34(1):133–53.
  99. Jackson M. Problem frames: analysing and structuring software development problems. Addison-Wesley; 2001.
  100. Hatebur D, Heisel M, Schmidt H. A security engineering process based on patterns. In: Proceedings of the 18th international conference on database and expert systems applications. IEEE Computer Society; 2007. p. 734–8.
  101. Schmidt H. Threat- and risk-analysis during early security requirements engineering. In: Proceedings of the 5th international conference on availability, reliability and security. IEEE Computer Society; 2010. p. 188–195.
  102. Vincent M. Communicating requirements for business: UML or problem frames? In: Proceedings of the 3rd international workshop on applications and advances of problem frames. ACM; 2008. p. 16–22.
  103. van Lamsweerde A. Requirements engineering: from system goals to uml models to software specifications. John Wiley & Sons; 2009.
  104. Dardenne A, van Lamsweerde A, Fickas S. Goal-directed requirements acquisition. Sci Comput Programm. 1993;20(1–2):3–50.
  105. Aziz B, Arenas A, Bicarregui J, Ponsard C, Massonet P. From goal-oriented requirements to event-B specifications. In: Proceedings of the first NASA Formal methods symposium. NASA; 2009. p. 96–105.
  106. van Lamsweerde A, Letier E. Handling obstacles in goal-oriented requirements engineering. IEEE Trans Softw Eng. 2000;26(10):978–1005.
  107. Leveson N. Safeware: system safety and computers. Addison-Wesley; 1995.
  108. van Lamsweerde A. Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th international conference on software engineering. IEEE Computer Society; 2004. p. 148–157.
  109. Gabriel RP. Worst is better; 2012. http://dreamsongs.com/WorseIsBetter.html.
  110. Chung L, Nixon BA, Yu E, Mylopoulos J. Non-functional requirements in software engineering. Kluwer Academic; 2000.
  111. University of Toronto. i* web-site; 2010. http://www.cs.toronto.edu/km/istar.
  112. Yu E. Towards modeling and reasoning support for early-phase requirements engineering. In: Proceedings of the 3rd IEEE international symposium on requirements engineering. IEEE Computer Society; 1997. p. 226–235.
  113. Bresciani P, Perini A, Giorgini P, Giunchiglia F, Mylopoulos J. Tropos: an agent-oriented software development methodology. Autons Agents Multi-Agent Syst. 2004;8(3):203–36.
  114. Elahi G, Yu E, Zannone N. A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir Eng. 2010;15(1):41–62.
  115. Elahi G, Yu E. Trust trade-off analysis for security requirements engineering. In: Proceedings of the 17th IEEE international requirements engineering conference. IEEE Computer Society; 2009. p. 243–248.
  116. Mouratidis H, Giorgini P. Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng. 2007;17(2):285–309.
  117. Moody DL, Heymans P, Matulevicius R. Improving the effectiveness of visual representations in requirements engineering: an evaluation of i* visual syntax. In: Proceedings of the 17th IEEE international requirements engineering conference. IEEE Computer Society; 2009. p. 171–180.
  118. Miller GA. The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol Rev. 1956;63(2):81–97.
  119. Nordbotten JC, Crosby ME. The effect of graphic style on data model interpretation. Inf Syst J. 1999;9(2):139–56.
  120. Easterbrook S, Yu E, Aranda J, Fan Y, Horkoff J, Leica M, et al. Do viewpoints lead to better conceptual models? An exploratory case study. In: Proceedings of the 13th IEEE international requirements engineering conference. IEEE Computer Society; 2005. p. 199–208.
  121. Maiden N, Jones S, Ncube C, Lockerbie J. Using i* in requirements projects: some experiences and lessons. In: Yu E, editor. Social modeling for requirements engineering. MIT Press; 2011.
  122. Dalpiaz F, Paja E, Giorgini P. Security requirements engineering: designing secure socio-technical systems. MIT Press; 2016.
  123. Jacobson I. Object-oriented software engineering: a use case driven approach. Addison-Wesley; 1992.
  124. Kruchten P. The rational unified process: an introduction. 3rd ed. Addison-Wesley; 2003.
  125. Cockburn A. Writing effective use cases. Addison-Wesley; 2001.
  126. Sindre G, Opdahl AL. Eliciting security requirements with misuse cases. Requir Eng. 2005;10(1):34–44.
  127. Hope P, McGraw G, Antón AI. Misuse and abuse cases: getting past the positive. IEEE Secur Priv. 2004;2(3):90–2.
  128. Røstad L. An extended misuse case notation: including vulnerabilities and the insider threat. In: Proceedings of the 12th international working conference on requirements engineering. Essener Informatik Beiträge; 2006.
  129. McDermott J, Fox C. Using abuse case models for security requirements analysis. In: Proceedings of the 15th annual computer security applications conference. ACSAC ’99. IEEE Computer Society; p. 55–66.
  130. Potts C, Takahashi K, Antón AI. Inquiry-based requirements analysis. IEEE Softw. 1994;11(2):21–32.
  131. Beck K, Andres C. Extreme programming explained: embrace change. 2nd ed. Addison-Wesley; 2005.
  132. Cohn M. User stories applied: for agile software development. Addison-Wesley; 2004.
  133. Mayer N. Model-based management of information system security risk. University of Namur; 2009.
  134. Matulevičius R, Mayer N, Heymans P. Alignment of misuse cases with security risk management. In: Proceedings of the 3rd international conference on availability, reliability and security. IEEE Computer Society; 2008. p. 1397–1404.
  135. Castro JW, Acuna ST, Juristo N. Integrating the personas technique into the requirements analysis activity. In: Proceedings of the 2008 mexican international conference on computer science. IEEE Computer Society; 2008. p. 104–112.
  136. Aoyama M. Persona-scenario-goal methodology for user-centered requirements engineering. In: Proceedings of the 15th IEEE international requirements engineering conference. IEEE Computer Society; 2007. p. 185–194.
  137. Cleland-Huang J. Meet elaine: a persona-driven approach to exploring architecturally significant requirements. IEEE Softw. 2013;30(4):18–21.
  138. Mead N, Shull F, Spears J, Heibl S, Weber S, Cleland-Huang J. Crowd sourcing the creation of personae non gratae for requirements-phase threat modeling. In: 25th IEEE international requirements engineering conference, RE 2017, Lisbon, Portugal, September 4-8, 2017; 2017. p. 412–417.
  139. Iivari J, Hirschheim R, Klein HK. A paradigmatic analysis contrasting information systems development approaches and methodologies. Inf Syst Res. 1998;9(2):164–93.
  140. Avison DE, Wood-Harper T. Multiview: An exploration in information systems development. McGraw-Hill; 1990.
  141. Mumford E. Designing human systems for new technology: the ETHICS method. Manchester Business School; 1983. http://www.enid.u-net.com/C1book1.htm.
  142. Framework, n.1. OED Online. Oxford University Press; 2010. http://dictionary.oed.com/cgi/entry/50089406.
  143. Haley CB. Arguing security: a framework for analyzing security requirements. The Open University; 2007.
  144. Parnas DL, Clements PC. A rational design process: How and why to fake it. IEEE Trans Softw Eng. 1986;12(2):251–7.
  145. Sommerville I. Software engineering. 8th ed. Pearson Education Limited; 2007.
  146. Maiden N, Jones S. The RESCUE requirements engineering process: an integrated user-centered requirements engineering process. Version 4.1. City University; 2004.
  147. Mavin A, Maiden N. Determining socio-technical system requirements: experiences with generating and walking through scenarios. In: Proceedings of 11th IEEE international conference on requirements engineering. IEEE Computer Society; 2003. p. 213–222.
  148. Mead NR, Hough ED, II TRS. Security quality requirements engineering (SQUARE) methodology. Carnegie Mellon Software Engineering Institute; 2005. CMU/SEI-2005-TR-009.
  149. Karlsson J, Ryan K. A cost-value approach for prioritizing requirements. IEEE Softw. 1997;14(5):67–74.
  150. Mead NR, McGraw G, Ellison RJ, Barnum S, Allen JH. Software security engineering: a guide for project managers. Addison-Wesley Professional; 2008.
  151. Mead NR. Benefits and challenges in the use of case studies for security requirements engineering methods. Int J Secur Softw Eng. 2010;1(1):74–91.
  152. Bijwe A, Mead N. Adapting the SQUARE process for privacy requirements engineering. Software Engineering Institute, Carnegie Mellon University; 2010. CMU/SEI-2010-TN-022. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9357.
  153. Alva A, Young L. L-SQUARE: Preliminary extension of the SQUARE methodology to address legal compliance. In: IEEE 1st workshop on evolving security and privacy requirements engineering, ESPRE 2014, 25 August, 2014, Karlskrona, Sweden; 2014. p. 25–30.
  154. Singh S, Bartolo K. Grounded theory and user requirements: a challenge for qualitative research. Australas J Inf Syst. 2005;12:90–102.
  155. Bowles JB. The personification of reliability, safety, and security. In: Proceedings of the annual reliability and maintainability symposium. IEEE Computer Society; 2007. p. 161–166.
  156. Alexander I. Semiautomatic tracing of requirement versions to use cases. In: Proceedings of the 2nd international workshop on traceability in emerging forms of software engineering; 2002. Unpublished workshop proceedings.
  157. Alexander I. Initial industrial experience of misuse cases in trade-off analysis. In: Proceedings of the IEEE international requirements engineering conference. IEEE Computer Society; 2002. p. 61–68.
  158. den Braber F, Hogganvik I, Lund MS, Stølen K, Vraalsen F. Model-based security analysis in seven steps - a guided tour to the CORAS method. BT Technol J. 2007;25(1):101–17.
  159. Meland PH, Spampinato DG, Hagen E, Baadshaug ET, Krister KM, Velle KS. SeaMonster: Providing tool support for security modeling. Norsk informasjonssikkerhetskonferanse, Universitetet i Agder, Kampus Gimlemoen. 2008.
  160. Respect-IT. Objectiver; 2007. http://www.objectiver.com.
  161.
  162. University of Trento. Si*Tool: Security and Dependability Tropos Tool. http://sistar.disi.unitn.it/.
  163. Yijun Y, Jürjens J, Schreck J. Tools for traceability in secure software development. In: Proceedings of the 23rd IEEE/ACM international conference on automated software engineering. IEEE Computer Society; 2008. p. 503–504.
  164. Hailpern B, Tarr P. Model-driven development: the good, the bad, and the ugly. IBM Syst J. 2006;45(3):451–61.
  165. Jürjens J. Secure systems development with UML. Springer; 2005.
  166. Houmb SH, Islam S, Knauss E, Jürjens J, Schneider K. Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requir Eng. 2010;15(1):63–93.
  167. Knauss E, Lubke D, Meyer S. Feedback-driven requirements engineering: the heuristic requirements assistant. In: ICSE ’09: Proceedings of the 2009 IEEE 31st international conference on software engineering. Washington: IEEE Computer Society; 2009. p. 587–90.
  168. ISO. ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model Version 3.1 Revision 1. ISO/IEC; 2006.
  169. ISO. ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Components. ISO/IEC; 2008.
  170. Gandhi RA, Lee SW. Visual analytics for requirements-driven risk assessment. In: Proceedings of the 2nd international workshop on requirements engineering visualization. IEEE Computer Society; 2007. p. 46–55.
  171. Hogganvik I. A graphical approach to security risk analysis. University of Oslo; 2007.
  172. Feather MS, Cornford SL, Kiper JD, Menzies T. Experiences using visualization techniques to present requirements, risks to them, and options for risk mitigation. In: Proceedings of the 1st international workshop on requirements engineering visualization. IEEE Computer Society; 2006. p. 10–19.
  173. Lund MS, Solhaug B, Stølen K. Model-driven risk analysis: the CORAS approach. Springer; 2010.
  174. Cornford SL. Managing risk as a resource using the defect detection and prevention process. In: Proceedings of the 4th international conference on probabilistic safety assessment and management. Springer; 1998. p. 1609–1614.
  175. Shneiderman B. The eyes have it: a task by data type taxonomy for information visualizations. In: VL ’96: Proceedings of the 1996 IEEE symposium on visual languages. Washington: IEEE Computer Society; 1996. p. 336.
  176. Conti G. Security data visualization: graphical techniques for network analysis. No Starch Press; 2007.
  177. Cooper JR, Lee SW, Gandhi RA, Gotel O. Requirements engineering visualization: a survey on the state-of-the-art. In: Proceedings of the 4th international workshop on requirements engineering visualization. IEEE Computer Society; 2009. p. 46–55.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Department of Computing & Informatics, Bournemouth University, Poole, Dorset, UK