Identifying implicit vulnerabilities through personas as goal models

Shamal Faily*, Claudia Iacob, Raian Ali, Duncan Ki-Aries

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.

Original language: English
Title of host publication: Computer Security - ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, 2020, Revised Selected Papers
Editors: Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Stefanos Gritzalis, Weizhi Meng, Steven Furnell
Publisher: Springer
Pages: 185-202
Number of pages: 18
ISBN (Electronic): 978-3-030-64330-0
ISBN (Print): 978-3-030-64329-4
Publication status: Published - 17 Dec 2020
Event: 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and 3rd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in conjunction with 25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: 14 Sept 2020 to 18 Sept 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12501 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and 3rd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in conjunction with 25th European Symposium on Research in Computer Security, ESORICS 2020
Country/Territory: United Kingdom
City: Guildford
Period: 14/09/20 to 18/09/20
