Identifying Implicit Vulnerabilities Through Personas as Goal Models

Faily, Shamal; Iacob, Claudia; Ali, Raian; Ki-Aries, Duncan

doi:10.1007/978-3-030-64330-0_12

Cited by 2 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To integrate personas into goal-oriented security RE, this paper presents a tool-supported approach for visualising personas as goal models, and extends previous work presented at the fourth International Workshop on Security and Privacy RE (Faily et al, 2020a). In doing so, we provide two examples of how this approach can identify security tensions.…”

Section: Introductionmentioning

confidence: 85%

Visualising personas as goal models to find security tensions

Faily

Iacob

Ali

et al. 2021

ICS

Self Cite

View full text Add to dashboard Cite

Purpose This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. Design/methodology/approach The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards. Findings Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied and designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain. Originality/value The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.

show abstract

Section: Introductionmentioning

confidence: 85%

Visualising personas as goal models to find security tensions

Faily

Iacob

Ali

et al. 2021

ICS

Self Cite

View full text Add to dashboard Cite

show abstract

“…QDA, and in particular GT, has been used to develop models [5-7, 26, 27, 50], requirements [8,10,40,45], personas [17,18,34], and architectures [3,21]. QDAcity-RE is also focused on producing models.…”

Section: Related Workmentioning

confidence: 99%

A validation of QDAcity-RE for domain modeling using qualitative data analysis

et al. 2021

View full text Add to dashboard Cite

Using qualitative data analysis (QDA) to perform domain analysis and modeling has shown great promise. Yet, the evaluation of such approaches has been limited to single-case case studies. While these exploratory cases are valuable for an initial assessment, the evaluation of the efficacy of QDA to solve the suggested problems is restricted by the common single-case case study research design. Using our own method, called QDAcity-RE, as the example, we present an in-depth empirical evaluation of employing qualitative data analysis for domain modeling using a controlled experiment design. Our controlled experiment shows that the QDA-based method leads to a deeper and richer set of domain concepts discovered from the data, while also being more time efficient than the control group using a comparable non-QDA-based method with the same level of traceability.

show abstract

Identifying Implicit Vulnerabilities Through Personas as Goal Models

Cited by 2 publications

References 24 publications

Visualising personas as goal models to find security tensions

Visualising personas as goal models to find security tensions

A validation of QDAcity-RE for domain modeling using qualitative data analysis

Contact Info

Product

Resources

About