
Identifying implicit vulnerabilities through personas as goal models

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.

Original language: English
Title of host publication: Computer Security - ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, 2020, Revised Selected Papers
Editors: Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Stefanos Gritzalis, Weizhi Meng, Steven Furnell
Publisher: Springer
Pages: 185-202
Number of pages: 18
ISBN (Electronic): 978-3-030-64330-0
ISBN (Print): 978-3-030-64329-4
Publication status: Published - 17 Dec 2020
Event: 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and 3rd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in conjunction with 25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: 14 Sep 2020 to 18 Sep 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12501 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and 3rd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in conjunction with 25th European Symposium on Research in Computer Security, ESORICS 2020
Country: United Kingdom
City: Guildford
Period: 14/09/20 to 18/09/20

Documents

  • Faily_et_al_2020_AAM

    Rights statement: This is a post-peer-review, pre-copyedit version of an article published in Katsikas S. et al. (eds) Computer Security. CyberICPS 2020, SECPRE 2020, ADIoT 2020. Lecture Notes in Computer Science, vol 12501. Springer, Cham. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-030-64330-0_12.

    Accepted author manuscript (Post-print), 1.26 MB, PDF document

    Due to publisher’s copyright restrictions, this document is not freely available to download from this website until: 17/12/21


ID: 25538914