Title

Crowd Sourcing the Creation of Personae Non Gratae for Requirements-Phase Threat Modeling

Document Type

Conference Proceeding

Publication Date

2017

Publication Title

2017 IEEE 25th International Requirements Engineering Conference

Keywords

security, online banking, drones, requirements engineering, merging, conferences, software systems, threat modeling

Disciplines

Business | Management Information Systems

Abstract

Security threats should be identified in the early phases of a project so that design solutions can be explored and mitigating requirements specified. In this paper, we present a crowd-sourcing approach for creating Personae non Gratae (PnGs), which model attack goals and techniques of unwanted, potentially malicious users. We present a proof of concept study that takes a diverse collection of potentially redundant PnGs and merges them into a single set. Our approach combines machine learning techniques and visualization. It is illustrated and evaluated using a collection of PnGs collected from undergraduate students for a drone-based rescue scenario. Lessons learned from the proof of concept study are discussed and lay the foundations for future work.

DOI

10.1109/RE.2017.63

Share

COinS