Design and Evolution

### A Meta-Model for Usable Secure Requirements Engineering


The conceptual model upon which CAIRIS is built.

### Analysing and Visualising Security and Usability in IRIS


How CAIRIS qualitatively and quantitatively analyses and visualises the results of risk and task analysis.

### Software for interactive secure systems design: Lessons learned developing and applying CAIRIS


The motivation for building CAIRIS, including a summary of how it was built and evaluated, and some initial experiences applying it to real-world case studies.

### Model-driven architectural risk analysis using architectural and contextualised attack patterns


Illustrates how architectural and contextualised attack patterns can be used to formalise the elements of architectural attacks and possible defences.

### Guidelines for integrating personas into software engineering tools


Four guidelines that software engineering tools should incorporate to support the design and evolution of personas.

### Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models


An approach for eliciting and visualising differences between trust expectations using persona cases, goal models, and CAIRIS.

### Finding and Resolving Security Misusability with Misusability Cases


Illustrates how CAIRIS can help devise scenarios that describe how design decisions lead to usability problems that subsequently lead to misuse.

### Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS


Shows how the CAIRIS web app and its models act as a vehicle for collaboration between usability and security engineers.

Case Studies using CAIRIS

### Towards tool-support for Usable Secure Requirements Engineering with CAIRIS


Using CAIRIS to support requirements analysis for a software repository for critical infrastructure software.

### Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework


Using CAIRIS and the IRIS framework together to derive missing requirements for a UK water company’s information security policy following reports of Stuxnet.

### Here’s Johnny: a Methodology for Developing Attacker Personas


Using CAIRIS to support an approach for developing attacker personas which are both grounded and validated by open source data about attackers.

### Requirements sensemaking using concept maps


Using CAIRIS to support the use of concept mapping to both make sense of and improve the quality of requirements specifications.

### Usability and Security by Design: A Case Study in Research and Development


A three-year study where CAIRIS supported the application of security and usability techniques in a research and development project.

### Engaging stakeholders during late stage security design with assumption personas


Using CAIRIS to support an approach for developing assumption personas for design sessions during the late stages of an e-Science system’s design.