Crowd Sourcing the Creation of Personae Non Gratae for Requirements-Phase Threat Modeling
2017 IEEE 25th International Requirements Engineering Conference
security, online banking, drones, requirements engineering, merging, conferences, software systems, threat modeling
Business | Management Information Systems
Security threats should be identified in the early phases of a project so that design solutions can be explored and mitigating requirements specified. In this paper, we present a crowd-sourcing approach for creating Personae non Gratae (PnGs), which model attack goals and techniques of unwanted, potentially malicious users. We present a proof of concept study that takes a diverse collection of potentially redundant PnGs and merges them into a single set. Our approach combines machine learning techniques and visualization. It is illustrated and evaluated using a collection of PnGs collected from undergraduate students for a drone-based rescue scenario. Lessons learned from the proof of concept study are discussed and lay the foundations for future work.
Spears, Janine, "Crowd Sourcing the Creation of Personae Non Gratae for Requirements-Phase Threat Modeling" (2017). Business Faculty Publications. 277.