Specification Exemplars for Security using CAIRIS


We have re-vamped the examples that come with CAIRIS, based on how CAIRIS is often used.

Rather than simply providing a sample model file, we have provided model files that constitute specification exemplars for security design. We have provided two types of models.


These are non-trivial personas created using the Persona Case technique. Examples include personas of penetration testers, and a plant operator in a water treatment plant.


These exemplify complete systems. The exemplars provided included a data grid for neuroscience research where different stakeholders have different ideas about security requirements. They also include a fictitious water company that needs to face up to new cybersecurity threats.

Each example page includes a link to a complete CAIRIS model file.

These examples are not contrived. The NeuroGrid exemplar was created based on data collected from people working on the actual NeuroGrid project. The ACME Water exemplar was based on interview, observations, and a security analysis carried out on a real (albeit anonymised) water company. You can read more about this analysis here

We are currently developing more specification exemplars. These will illustrate not only how CAIRIS works, but provide examples of security design models that researchers and practitioners can use to validate solutions, or educators can use to support teaching.