Contextual design: defining customer-centered systems
Security engineering in an evolutionary acquisition environment
Proceedings of the 1998 workshop on New security paradigms
Communications of the ACM
Safe and sound: a safety-critical approach to security
Proceedings of the 2001 workshop on New security paradigms
Information security is information risk management
Proceedings of the 2001 workshop on New security paradigms
Pretty good persuasion: a first step towards effective password security in the real world
Proceedings of the 2001 workshop on New security paradigms
The Art of Deception: Controlling the Human Element of Security
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The trouble with login: on usability and computer security in ubiquitous computing
Personal and Ubiquitous Computing
Is usable security an oxymoron?
interactions - A contradiction in terms?
Extending XP practices to support security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Aligning usability and security: a usability study of Polaris
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Investigation of IS professionals' intention to practise secure development of applications
International Journal of Human-Computer Studies
A risk-driven security analysis method and modelling language
BT Technology Journal
Security software engineering: do it the right way
SEPADS'07 Proceedings of the 6th WSEAS International Conference on Software Engineering, Parallel and Distributed Systems
Integrating security and usability into the requirements and design process
International Journal of Electronic Security and Digital Forensics
Applying an open application security process to a clinical information system: a case study
Proceedings of the 2008 C3S2E conference
Collective information practice: exploring privacy and security as social and cultural phenomena
Human-Computer Interaction
International Journal of Human-Computer Studies
The compliance budget: managing security behaviour in organisations
Proceedings of the 2008 workshop on New security paradigms
Proceedings of the 2008 workshop on New security paradigms
Reusable security use cases for mobile grid environments
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Proceedings of the 2010 workshop on New security paradigms
Firms' information security investment decisions: Stock market evidence of investors' behavior
Decision Support Systems
Systematic design of secure Mobile Grid systems
Journal of Network and Computer Applications
Integrity quantification model for object oriented design
ACM SIGSOFT Software Engineering Notes
The aim of this paper is to provide better support for the development of secure systems. We argue that current development practice suffers from two key problems:

1. Security requirements tend to be kept separate from other system requirements, and not integrated into any overall strategy.
2. The impact of security measures on users and the operational cost of these measures on a day-to-day basis are usually not considered.

Our new paradigm is the full integration of security and usability concerns into the software development process, thus enabling developers to build secure systems that work in the real world. We present AEGIS, a secure software engineering method which integrates asset identification, risk and threat analysis and context of use, bound together through the use of UML, and report its application to case studies on Grid projects. An additional benefit of the method is that the involvement of stakeholders in the high-level security analysis improves their understanding of security, and increases their motivation to comply with policies.