Barry is not the weakest link: eliciting secure system requirements with personas

Authors

  • Shamal Faily
  • Ivan Flechais
Abstract

Building secure and usable systems means specifying systems for the people using them and the tasks they carry out, rather than vice-versa. User-centered design approaches encourage an early focus on users and their contexts of use, but these need to be integrated with approaches for engineering secure systems. This paper describes how personas can augment a process for eliciting and specifying requirements for secure and usable systems. Our results suggest that personas increase stakeholder empathy towards users represented by personas, and the empirical data used to build personas can also be used to obtain a better understanding of prospective attackers and their motivations.

Similar resources

Designing a Secure Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

Currently e-commerce system security focuses on mechanisms such as secure transactional protocols, cryptographic schemes, parameter sanitization and it is assumed that putting these in place will guarantee a secure eCommerce application. However, often vulnerabilities in the business application logic itself are often ignored that can make the effect of these security mechanisms null and void. ...

The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design

Personas are useful for obtaining an empirically grounded understanding of a secure system’s user population, its contexts of use, and possible vulnerabilities and threats endangering it. Often, however, personas need to be partially derived from assumptions; these may be embedded in a variety of different representations. Assumption Personas have been proposed as boundary objects for articulat...

Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

Currently e-commerce system security focuses on mechanisms such as secure transactional protocols, cryptographic schemes, parameter sanitization and it is assumed that putting these in place will guarantee a secure eCommerce application. However, often vulnerabilities in the business application logic itself are often ignored that can make the effect of these security mechanisms null and void. ...

Engaging stakeholders during late stage security design with assumption personas

Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design. Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The...

Humans - the weakest and strongest link in securing systems

Humans design, operate and are the net beneficiaries of most systems. However humans are fallible and make mistakes. At the same time humans are adaptable and resourceful in both designing systems and correcting them when they go wrong. These characteristics mean that humans can be both the strongest and the weakest link in system security. The aim of this paper is to look at how industrial con...

Publication date: 2010