Bringing security home: A process for developing secure and usable systems.
Proceedings New Security Paradigms Workshop (pp. 49-57).
The aim of this paper is to provide better support for the development of secure systems. We argue that current development practice suffers from two key problems: 1. Security requirements tend to be kept separate from other system requirements, and not integrated into any overall strategy. 2. The impact of security measures on users and the operational cost of these measures on a day-to-day basis are usually not considered. Our new paradigm is the full integration of security and usability concerns into the software development process, thus enabling developers to build secure systems that work in the real world. We present AEGIS, a secure software engineering method which integrates asset identification, risk and threat analysis and context of use, bound together through the use of UML, and report its application to case studies on Grid projects. An additional benefit of the method is that the involvement of stakeholders in the high-level security analysis improves their understanding of security, and increases their motivation to comply with policies. © 2004 ACM.
UCL classification: UCL > School of BEAMS > Faculty of Engineering Science > Computer Science