A framework of usable and secure system design


Reference: Shamal Faily, (2011). A framework of usable and secure system design. DPhil. University of Oxford.


A framework of usable and secure system design

Abstract: Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a better understanding of how to deal with both concerns at an early stage, the design process risks disenfranchising stakeholders, and resulting systems may not be situated in their contexts of use.

The research problem this thesis addresses is how techniques and tools can be integrated and improved to support the design of usable and secure systems. To develop this understanding, we present IRIS (Integrating Requirements and Information Security) --- a framework for specifying usable and secure systems. IRIS considers the system design process from three different perspectives --- Usability, Security, and Requirements --- and guides the selection of techniques towards integrative Security, Usability, and Requirements Engineering processes.

This thesis claims that IRIS is an exemplar for integrating existing techniques and tools towards the design of usable and secure systems. In particular, IRIS makes three significant contributions towards the stated research problem. First, a conceptual model for usable secure Requirements Engineering is presented, upon which the IRIS framework is founded; this meta-model informs changes to elicitation and specification techniques for improved interoperability in the design process. Second, several characteristics of tool-support needed to elicit and specify usable and secure systems are introduced; the CAIRIS (Computer Aided Integration of Requirements and Information Security) software tool is presented to illustrate how these characteristics can be embodied. Third, we describe how the results of applying IRIS can be used to improve the design of existing User-Centered Design techniques for secure systems design.

We validate the thesis by applying the IRIS framework to three case studies. In the first, IRIS is used to specify requirements for a software repository used by a UK water company. In the second, IRIS is used to specify security requirements for a meta-data repository supporting the sharing of medical research data. In the final case study, IRIS is used to analyse a proposed security policy at a UK water company, and identify missing policy requirements. In each case study, IRIS is applied within the context of an Action Research intervention, where findings and lessons from one case study are fed into the action plan of the next.

Digital Origin: Born digital
Type of Award: DPhil
Level of Award: Doctoral
Awarding Institution: University of Oxford


Dr Ivan Flechais


Bibliographic Details

Issue Date: 2011
Copyright Date: 2011

Identifiers

Urn: uuid:520b939f-b1d9-4a53-9a47-21f0ffcfd68d

Item Description

Type: thesis
Language: en
Keywords: Requirements Engineering, HCI, Information Security
Subjects: Computing, Software engineering
Tiny URL: ora:5561


Author: Shamal Faily - institution: University of Oxford; faculty: Mathematical, Physical and Life Sciences Division - Computer Science, Departm

Source: https://ora.ox.ac.uk/objects/uuid:520b939f-b1d9-4a53-9a47-21f0ffcfd68d

