Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS

Abstract

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of data the associated analysis yields. Without these tools, the subjectivity of analysis may increase as design activities progress. This paper describes CAIRIS (Computer Aided Integration of Requirements and Information Security), a step toward tool-support for usable secure requirements engineering. CAIRIS not only manages the elements associated with task, requirements, and risk analysis, it also supports subsequent analysis using novel approaches for analysing and visualising security and usability. The authors illustrate an application of CAIRIS by describing how it was used to support requirements analysis in a critical infrastructure case study.