TY - GEN
T1 - Identifying implicit vulnerabilities through personas as goal models
AU - Faily, Shamal
AU - Iacob, Claudia
AU - Ali, Raian
AU - Ki-Aries, Duncan
PY - 2020/12/17
Y1 - 2020/12/17
N2 - When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.
AB - When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.
UR - http://www.scopus.com/inward/record.url?scp=85098240767&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-64330-0_12
DO - 10.1007/978-3-030-64330-0_12
M3 - Conference contribution
AN - SCOPUS:85098240767
SN - 978-3-030-64329-4
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 185
EP - 202
BT - Computer Security - ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, 2020, Revised Selected Papers
A2 - Katsikas, Sokratis
A2 - Cuppens, Frédéric
A2 - Cuppens, Nora
A2 - Lambrinoudakis, Costas
A2 - Kalloniatis, Christos
A2 - Mylopoulos, John
A2 - Antón, Annie
A2 - Gritzalis, Stefanos
A2 - Meng, Weizhi
A2 - Furnell, Steven
PB - Springer
T2 - 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and 3rd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in conjunction with 25th European Symposium on Research in Computer Security, ESORICS 2020
Y2 - 14 September 2020 through 18 September 2020
ER -