论文信息 - Human-Centered Specification Exemplars for Critical Infrastructure Environments

Human-Centered Specification Exemplars for Critical Infrastructure Environments

Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper present human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results developing and evaluating them.

[1] Shamal Faily,et al. Barry is not the weakest link: eliciting secure system requirements with personas , 2010, BCS HCI.

[2] Kristian Beckers,et al. A Serious Game for Eliciting Social Engineering Security Requirements , 2016, 2016 IEEE 24th International Requirements Engineering Conference (RE).

[3] Shamal Faily,et al. User-Centered Information Security Policy Development in a Post-Stuxnet World , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[4] Axel van Lamsweerde,et al. Requirements Engineering: From System Goals to UML Models to Software Specifications , 2009 .

[5] Shamal Faily,et al. "Water, Water, Every Where": Nuances for a Water Industry Critical Infrastructure Specification Exemplar , 2015, CRITIS.

[6] Alan Cooper,et al. The Inmates Are Running the Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity (2nd Edition) , 1999 .

[7] M. Angela Sasse,et al. Bringing security home: a process for developing secure and usable systems , 2003, NSPW '03.

[8] Martin S. Feather,et al. Requirements and Specification Exemplars , 1997, Automated Software Engineering.

[9] Shamal Faily,et al. A meta-model for usable secure requirements engineering , 2010, SESS '10.