CAIRIS

Design and Evolution

### A Meta-Model for Usable Secure Requirements Engineering

The conceptual model upon which CAIRIS is built.

### Analysing and Visualising Security and Usability in IRIS

How CAIRIS qualitatively and quantitatively analyses and visualises the results of risk and task analysis.

### Software for interactive secure systems design: Lessons learned developing and applying CAIRIS

The motivation for building CAIRIS, including a summary of how it was built and evaluated, and some initial experiences applying it to real-world case studies.

### Model-driven architectural risk analysis using architectural and contextualised attack patterns

Illustrates how architectural and contextualised attack patterns can be used to formalise the elements of architectural attacks and possible defences.

### Guidelines for integrating personas into software engineering tools

Four guidelines that software engineering tools should incorporate to support the design and evolution of personas.

### Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models

An approach for eliciting and visualising differences between trust expectations using persona cases, goal models, and CAIRIS.

### Finding and Resolving Security Misusability with Misusability Cases

Illustrates how CAIRIS can help devise scenarios that describe how design decisions lead to usability problems that subsequently lead to misuse.

### Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS

Shows how the CAIRIS web app and its models act as a vehicle for collaboration between usability and security engineers.

Case Studies using CAIRIS

### Towards tool-support for Usable Secure Requirements Engineering with CAIRIS

Using CAIRIS to support requirements analysis for a software repository for critical infrastructure software.

### Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework

Using CAIRIS and the IRIS framework together to derive missing requirements for a UK water company’s information security policy following reports of Stuxnet.

### Here’s Johnny: a Methodology for Developing Attacker Personas

Using CAIRIS to support an approach for developing attacker personas which are both grounded in and validated by open source data about attackers.

### Requirements sensemaking using concept maps

Using CAIRIS to support the use of concept mapping to both make sense of and improve the quality of requirements specifications.

### Usability and Security by Design: A Case Study in Research and Development

A three-year study where CAIRIS supported the application of security and usability techniques in a research and development project.

### Engaging stakeholders during late stage security design with assumption personas

Using CAIRIS to support an approach for developing assumption personas for design sessions during the late stages of an e-Science system’s design.