To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design

Authors:
Shamal Faily;Ivan Flechais
Affiliations:
University of Oxford, Oxford, United Kingdom;University of Oxford, Oxford, United Kingdom
Venue:
Proceedings of the 2010 workshop on New security paradigms
Year:
2010

Citing 22
Cited 0

The innovator's dilemma: when new technologies cause great firms to fail

The innovator's dilemma: when new technologies cause great firms to fail
Systems architecture: product designing and social engineering

WACC '99 Proceedings of the international joint conference on Work activities coordination and collaboration
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Users are not the enemy

Communications of the ACM
Investigating information systems with action research

Communications of the AIS
Weaving Together Requirements and Architectures

Computer
Eureka! Why Analysts Should Invent Requirements

IEEE Software
Ambiguity as a resource for design

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Software Architecture in Practice

Software Architecture in Practice
Managing information systems security: a soft approach

ISCNZ '96 Proceedings of the 1996 Information Systems Conference of New Zealand (ISCNZ '96)
Threat Modeling

Threat Modeling
Bringing security home: a process for developing secure and usable systems

Proceedings of the 2003 workshop on New security paradigms
Entrepreneurial capabilities: Is entrepreneurship action research in disguise?

AI & Society
Making by making strange: Defamiliarization and the design of domestic technologies

ACM Transactions on Computer-Human Interaction (TOCHI)
NeuroGrid: Using Grid Technology to Advance Neuroscience

CBMS '05 Proceedings of the 18th IEEE Symposium on Computer-Based Medical Systems
Biomedical Informatics Research Network: Integrating Multi-Site Neuroimaging Data Acquisition, Data Sharing and Brain Morphometric Processing

CBMS '05 Proceedings of the 18th IEEE Symposium on Computer-Based Medical Systems
SSH, the Secure Shell: The Definitive Guide

SSH, the Secure Shell: The Definitive Guide
Model-based security analysis in seven steps --- a guided tour to the CORAS method

BT Technology Journal
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Inventing Requirements with Creativity Support Tools

REFSQ '09 Proceedings of the 15th International Working Conference on Requirements Engineering: Foundation for Software Quality
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
A meta-model for usable secure requirements engineering

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augmenting the process of security design with the paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. We propose three initial Security Entrepreneurship techniques as examples of this paradigm, describe how their underlying models align with secure systems design, and help predict the social and technical impact of possible design decisions. We also pose a number of thought experiments, and suggest possible research agendas for Security Entrepreneurship.