Abstract
Purpose This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. Design/methodology/approach The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards. Findings Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied and designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain. Originality/value The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.
Highlights
Software products and services cannot be secure unless they are usable (Association for Computer Machinery, 2018), yet too often security and usability are considered as a tradeoff, i.e. you cannot have one without sacrificing the other
To integrate personas into goal-oriented security requirements engineering (RE), this paper presents a tool-supported approach for visualising personas as goal models, and extends previous work presented at the fourth International Workshop on Security and Privacy RE (Faily et al, 2020a)
Friedman and Hendry (2019) propose the idea of value personas that encapsulate key values and different value tensions both within and between other personas. If such values inform the elicitation of subsequently analysed data, social goal models can be used to explore the strengthening and weakening of different tensions related to areas such as security, privacy and trust
Summary
Software products and services cannot be secure unless they are usable (Association for Computer Machinery, 2018), yet too often security and usability are considered as a tradeoff, i.e. you cannot have one without sacrificing the other. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
