According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human-computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these.