Evaluating Usability, Security, and Trustworthiness of Ad-hoc Collaborative Environments
Ensuring confidence in collaborative working is an important concern; Government work is increasingly collaborative in nature and needs to be enabled by advances in ICT supporting the provision of collaborative working environments. Part of this challenge involves managing rapidly changing situations, where prospective collaborators join and existing collaborators leave a coalition, without compromising security requirements.
The aim of the EUSTACE project is to develop a decision-making framework and tool support for rapidly evaluating the security implications of ad-hoc collaborative work. We propose a framework that reuses existing models in Security, HCI, and Computer Science and makes these amenable to automated analysis and tool support.
The framework describes how formal specifications of implied behaviour are generated from existing usability and system models (such as personas and use cases) and combined with formal specifications of security requirements (derived from existing policies and requirements). A model checker is then used to analyse these specifications for failures and contradictions. These are then visualised in a collaborative work model that captures elements of the system, its users and their activities. The failures and contradictions are then highlighted in this model, providing the means of rapidly evaluating whether a proposed collaboration is likely to create security problems.
Guidelines for Integrating Personas into Software Engineering Tools
Shamal Faily and John Lyle
In Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems. Pages 69–74. 2013.
Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)
Shamal Faily, David Power, Philip Armstrong and Ivan Flechais
In Trust and Trustworthy Computing, 6th International Conference, TRUST 2013. 2013.