Integrating security and usability into the requirements and design process

According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have addressed security from the technological perspective, others from the human-computer interaction angle, offering better user interfaces (UIs) to improve the usability of security mechanisms. However, usability issues extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model for defining and reasoning about the system's assets. AEGIS has been applied to case studies in the area of Grid computing, and we report on one of these.

[1] Helen L. James. Managing information systems security: a soft approach. Proceedings of the 1996 Information Systems Conference of New Zealand, 1996.

[2] Ivan Flechais, M. Angela Sasse and Stephen M. V. Hailes. Bringing security home: a process for developing secure and usable systems. NSPW '03, 2003.

[3] Ross J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2001.

[4] Bob Blakley, Ellen McDermott and Daniel E. Geer. Information security is information risk management. NSPW '01, 2001.

[5] Giovanni Denaro et al. Performance testing of distributed component architectures. 2005.

[6] Mehdi Jazayeri. On architectural stability and evolution. Ada-Europe, 2002.

[7] Jan Jürjens. UMLsec: extending UML for secure systems development. UML, 2002.

[8] Barry W. Boehm. A spiral model of software development and enhancement. Computer, 1986.

[9] Detmar W. Straub and Richard J. Welke. Coping with systems risk: security planning models for management decision making. MIS Quarterly, 1998.

[10] Alma Whitten and J. Doug Tygar. Why Johnny can't encrypt: a usability evaluation of PGP 5.0. USENIX Security Symposium, 1999.

[11] Axel Uhl et al. Model-driven architecture. OOIS Workshops, 2002.

[12] Hugh Beyer and Karen Holtzblatt. Contextual design. interactions, 1997.

[13] Dieter Gollmann. Computer Security. Wiley, 1999.

[14] Bruce Schneier. Beyond Fear: Thinking Sensibly About Security in an Uncertain World. 2003.

[15] Sacha Brostoff and M. Angela Sasse. Safe and sound: a safety-critical approach to security. NSPW '01, 2001.

[16] Anne Adams and M. Angela Sasse. Users are not the enemy. Communications of the ACM, 1999.

[17] John P. McDermott and Chris Fox. Using abuse case models for security requirements analysis. Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC '99), 1999.

[18] Ka-Ping Yee. User interaction design for secure systems. ICICS, 2002.

[19] Cecília M. F. Rubira et al. A fault-tolerant software architecture for component-based systems. WADS, 2002.