Manage your security, usability, and design artifacts in one place

From assets to countermeasures, factoids to personas, and requirements to architectural components, enter or import a wide range of security, usability, and requirements data to find new insights ranging from interconnections between requirements and risks, to the justification behind persona characteristics.

Visualise your design from different perspectives

No single view captures a complex system, so automatically generate 12 different views of your emerging design from perspectives ranging from people, risks, requirements, architecture, and even physical location.

Threat model as you design

Automatically generate threat models such as Data Flow Diagrams (DFDs) as your early stage design evolves.

Leverage attack and architectural patterns

Leverage open source intelligence about potential attacks and candidate security architectures to measure your attack surface.

Rationalise your risks

Show all the security, usability, and design elements associated with your product's risks.

Create beautiful specifications

Generate a range of documentation from Volere compliant requirement specifications to GDPR DPIA documents.

What is CAIRIS?

CAIRIS stands for Computer Aided Integration of Requirements and Information Security. It is a platform for eliciting, specifying, and validating secure and usable systems. It was built from the ground up to support all the elements necessary for usability, requirements, and risk analysis.

  • What does CAIRIS do that other tools do not?

    Some tools focus on the specification of requirements. Others focus on modelling threats. Still, others are centred around managing UX data. CAIRIS is the only tool that does all of this (and more). CAIRIS is also the only security design tool that supports the notion of environments, making it possible to model contexts of use.

  • Is CAIRIS free?

    Yes. CAIRIS has been made freely available under an Apache Software License.

  • Why do I need CAIRIS?

    We expect security to be 'built in' software, but software is useless if people can't or won't use it. We built CAIRIS to support the activities need to build security AND usability into the earliest stages of software design. Additionally, by using CAIRIS as the repository for data you collect, you benefit from CAIRIS' automatic analysis and visualisation capabilities.

  • Can I see CAIRIS in action?

    We have a live demo where you can play with two preloaded models.