UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Bringing security home: A process for developing secure and usable systems

Flechais, I; Sasse, MA; Hailes, SMV; (2003) Bringing security home: A process for developing secure and usable systems. In: Proceedings of the NSPW '03: workshop on New security paradigms 2003. (pp. pp. 49-57). ACM: Ascona, Switzerland. Green open access

[thumbnail of Sasse_Flechais%2BSasse%2BHailes_Bringing Security Home_ACSAC2003.pdf]
Preview
Text
Sasse_Flechais%2BSasse%2BHailes_Bringing Security Home_ACSAC2003.pdf

Download (203kB) | Preview

Abstract

The aim of this paper is to provide better support for the development of secure systems. We argue that current development practice suffers from two key problems: 1. Security requirements tend to be kept separate from other system requirements, and not integrated into any overall strategy. 2. The impact of security measures on users and the operational cost of these measures on a day-to-day basis are usually not considered. Our new paradigm is the full integration of security and usability concerns into the software development process, thus enabling developers to build secure systems that work in the real world. We present AEGIS, a secure software engineering method which integrates asset identification, risk and threat analysis and context of use, bound together through the use of UML, and report its application to case studies on Grid projects. An additional benefit of the method is that the involvement of stakeholders in the high-level security analysis improves their understanding of security, and increases their motivation to comply with policies.

Type: Proceedings paper
Title: Bringing security home: A process for developing secure and usable systems
Event: NSPW '03: workshop on New security paradigms 2003
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/986655.986664
Publisher version: https://doi.org/10.1145/986655.986664
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/19829
Downloads since deposit
125Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item