Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS

Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS

Shamal Faily (University of Oxford, UK) and Ivan Fléchais (University of Oxford, UK)
DOI: 10.4018/978-1-4666-1580-9.ch015


Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of data the associated analysis yields. Without these tools, the subjectivity of analysis may increase as design activities progress. This paper describes CAIRIS (Computer Aided Integration of Requirements and Information Security), a step toward tool-support for usable secure requirements engineering. CAIRIS not only manages the elements associated with task, requirements, and risk analysis, it also supports subsequent analysis using novel approaches for analysing and visualising security and usability. The authors illustrate an application of CAIRIS by describing how it was used to support requirements analysis in a critical infrastructure case study.
Chapter Preview

We are unaware of any single tool purporting to support the analysis of usability, requirements, and risk analysis. Some coverage is, however, provided by existing tools in each of these areas, and presented in the following sections.

Complete Chapter List

Search this Book: