This document discusses frameworks for usable secure requirements engineering. It introduces the IRIS framework, which aims to specify software systems that are secure for their contexts of use. The document outlines some current problems, such as how to represent different environments. It also discusses how human-computer interaction approaches like ethnomethodology, contextual design, and value-centered design can help address issues of security usability. Finally, it provides an overview of the IRIS framework for specifying secure systems based on goals, tasks, personas, threats, and other factors related to the context of use.
The document discusses becoming a UX practitioner. It defines UX as involving performing user research, analyzing that research, and articulating the analysis into deliverables for developers. It notes that UX practitioners need a shared definition and language. The document outlines competencies for UX roles and how experience, education, and exposure can help someone achieve those competencies over time.
This document describes an ontology-based content management system for mobile learning environments. It discusses how ontologies can be used to model relationships between learning objects, competencies, curricula and tests. This allows for adaptive testing, competency mapping, contextual learning and other personalized learning experiences. The system uses a semantic mediawiki to develop and connect learning content to the ontology. This provides a flexible way to select, deliver and manage learning technologies and resources on mobile platforms.
This document discusses ontology-based content management in a mobilized learning environment. It introduces several projects using ontologies for tasks like personnel selection, lifelong learning, e-learning management, and context-sensitive education. Key aspects covered include defining ontologies, developing adaptive testing and curricula tied to ontology concepts, competency mapping, and creating a context-based mobilized learning environment. More information can be obtained by contacting the author.
Designing collaborative processes for requirementsRESGWorkshop
1) The document presents a collaborative pattern for facilitating user requirements elicitation workshops to help stakeholders agree on requirements.
2) The methodology uses Collaboration Engineering to design collaborative processes for recurring tasks. A pattern was designed using tasks diagnosis, decomposition, thinkLets choice, and validation.
3) The designed pattern language contains stages for scoping workshops to identify, analyze, define, prioritize, and agree to categorized user requirements.
The document discusses using requirements models at runtime to enable model-driven adaptation in dynamically adaptive systems. It proposes that dynamically adaptive systems can monitor assumptions modeled at design time using techniques like the i* modeling language. By monitoring these assumptions at runtime, systems can gain greater autonomy by allowing them to adapt their behavior based on changes to the assumptions. The document concludes that as systems are granted more autonomy, allowing them to monitor design-time assumptions using models could help guide their runtime adaptation behavior.
The document discusses developing techniques for requirements elicitation that explore stakeholder relationships and organizational context. It proposes identifying a network of stakeholders and their relationships, goals, and motivations through online questionnaires. Analyzing the resulting network could identify issues like communication problems or unclear roles that influence requirements. The approach differs from existing work by focusing on how stakeholders relate to each other and on organizational power dynamics. Case studies may explore its use for arts and theater organizations developing new websites or digital systems.
The document discusses becoming a UX practitioner. It defines UX as involving performing user research, analyzing that research, and articulating the analysis into deliverables for developers. It notes that UX practitioners need a shared definition and language. The document outlines competencies for UX roles and how experience, education, and exposure can help someone achieve those competencies over time.
This document describes an ontology-based content management system for mobile learning environments. It discusses how ontologies can be used to model relationships between learning objects, competencies, curricula and tests. This allows for adaptive testing, competency mapping, contextual learning and other personalized learning experiences. The system uses a semantic mediawiki to develop and connect learning content to the ontology. This provides a flexible way to select, deliver and manage learning technologies and resources on mobile platforms.
This document discusses ontology-based content management in a mobilized learning environment. It introduces several projects using ontologies for tasks like personnel selection, lifelong learning, e-learning management, and context-sensitive education. Key aspects covered include defining ontologies, developing adaptive testing and curricula tied to ontology concepts, competency mapping, and creating a context-based mobilized learning environment. More information can be obtained by contacting the author.
Designing collaborative processes for requirementsRESGWorkshop
1) The document presents a collaborative pattern for facilitating user requirements elicitation workshops to help stakeholders agree on requirements.
2) The methodology uses Collaboration Engineering to design collaborative processes for recurring tasks. A pattern was designed using tasks diagnosis, decomposition, thinkLets choice, and validation.
3) The designed pattern language contains stages for scoping workshops to identify, analyze, define, prioritize, and agree to categorized user requirements.
The document discusses using requirements models at runtime to enable model-driven adaptation in dynamically adaptive systems. It proposes that dynamically adaptive systems can monitor assumptions modeled at design time using techniques like the i* modeling language. By monitoring these assumptions at runtime, systems can gain greater autonomy by allowing them to adapt their behavior based on changes to the assumptions. The document concludes that as systems are granted more autonomy, allowing them to monitor design-time assumptions using models could help guide their runtime adaptation behavior.
The document discusses developing techniques for requirements elicitation that explore stakeholder relationships and organizational context. It proposes identifying a network of stakeholders and their relationships, goals, and motivations through online questionnaires. Analyzing the resulting network could identify issues like communication problems or unclear roles that influence requirements. The approach differs from existing work by focusing on how stakeholders relate to each other and on organizational power dynamics. Case studies may explore its use for arts and theater organizations developing new websites or digital systems.
Many UX designers have a blind spot when it comes to creating useful, usable content. If our goal is a great experience for users, then UX designers need to go beyond creating page templates and interaction models and focus on content strategy.
This workshop used the familiar UX design process to talk about how content strategy contributes to activities and deliverables.
A UX practitioner performs user research, analyzes findings through synthesis, and articulates deliverables to guide product development. UX requires a combination of skills including empathy, synthesis, and articulation. Practitioners can achieve competency through formal education, workshops, internships, or years of relevant experience. Getting involved in local UX events and following blogs are other ways to progress in this field.
The document discusses various types of design research mapped across two dimensions: research-led versus design-led, and expert mindset versus participatory mindset. It provides examples of different approaches such as contextual inquiry, lead user innovation, and co-design methods. The overview aims to help designers select the most appropriate research approach based on their goals and the needs of their project.
1. Information architecture is becoming increasingly important as businesses transition fully to the digital space.
2. User-centered design principles should be at the core of how information architecture and interaction design are approached to ensure solutions meet user needs.
3. The motivations, needs, and experiences of users must be understood through techniques like cognitive empathy in order to create compassionate and effective digital solutions.
This document discusses content strategy and how it has become essential for organizations. It outlines how the role of content strategist has expanded from focusing solely on information architecture to encompassing a broader set of responsibilities including content planning, governance, and quality evaluation. The presentation emphasizes that effective content strategy requires looking beyond templates to consider user needs and evaluating existing content. It provides examples of how to think more holistically about an organization's content needs.
Service design is an interdisciplinary approach that combines tools from various disciplines to create well-designed experiences. It focuses on defining services through requirements analysis, understanding user needs, discovering opportunities through co-creation, designing service concepts, and implementing solutions through prototyping. The goal is to innovate or improve existing services to make them more useful, usable, and desirable for end users.
UX Designers play many roles on a project. They must conduct primary end-user research, then utilize the findings to Design intuitive information architecture and interaction design, within the constraints of technical platforms.
Web content: it’s the meat in the sandwich, not the icing on the cake. So why does planning for useful, usable content get short shrift in the design and development process? Thinking about the content is always left until the last minute, always thought to be “somebody else’s problem.” Teams are forced into crisis mode at the 11th hour, trying to deal with content that arrives too late, doesn't fit in the designs, or fails to live up to user expectations. In this session, User Experience expert Karen McGrane will talk about why we fail to plan for content, and how everyone involved can help make the process run more smoothly.
20120725 "Value Co-creation in Tourism" in the 1st Conference on Human side o...Tatsunori Hara
This document discusses a research project that aims to incorporate non-expert tourists' designs into expert travel agencies' design of tourism services. It proposes an ecosystem where mass-produced packaged tours evolve to allow more customization and personalization through interactive tour planning systems. This would help attract more independent travelers while leveraging expertise in tour design. The project involves developing design support systems for travel experts and interactive planning tools for tourists to facilitate co-creative design. It also analyzes tourist activity data and "designs by non-experts" to continuously improve services.
MPOWERS is a platform that aims to align spoken dialogue system evaluation approaches through established norms and terminology. It implements user-friendly design conventions to ensure all evaluators share a common corpus of data and evaluation parameters. The platform provides customizable dashboards with commonly defined key performance indicators to give evaluators different analytical views of evaluation data in a goal-driven and data-driven process.
This document discusses engineering innovation and project delivery using Agile, Lean, and Envision principles. It summarizes Envision as a construction management tool that optimizes projects using Agile and Lean principles through features like time tracking, document management, 4D modeling, and business intelligence reporting. Implementing Envision can provide benefits like reduced costs, improved safety and transparency, and increased field productivity for owners, contractors, and field supervisors.
This document summarizes a workshop on creating customer-centered product visions using contextual design. The workshop will have participants analyze customer data to understand user needs and issues, then brainstorm ideas for addressing those needs. Participants will develop multiple visions for how new technologies could improve the customer experience. They will evaluate the visions and consolidate them into a coherent solution. The goal is to redesign products and services around customer needs revealed by contextual inquiry research methods.
Further probing the intersections of design, business, and innovation, swissnex San Francisco hosts a presentation on the new executive curriculum from the California College of the Arts (CCA), the Leading By Design Fellows Program.
Digital Architects provides digital strategy and design services. They help clients identify brand opportunities through digital integration and offer the best solution rather than the option with the highest margins. They have broad experience across different industries and focus on making money for clients. Some past clients include Sustainability Victoria, Transport Accident Commission, and Yering Station winery. For each, they conducted research, developed prototypes, and advocated for the client's needs throughout the process. Their goal is to create great customer experiences through digital channels that drive sales.
PROJECT INTERACTION is a 10-week program where students conceptualize designs to address issues in their community through an Understanding by Design approach. Students conduct market research like interviews and surveys to understand user needs, do ethnographic research through cultural probes to study human behavior, and use participatory design techniques like co-design to engage with users. They then brainstorm, prototype, test, and refine their design concepts. In the final week, students present their pitched design proposals to an audience seeking feedback on making their designs a reality.
A Method for Reusing and Re-engineering Non-ontological Resources for Buildin...Boris Villazón-Terrazas
To speed up the ontology development by reusing and re-engineering
non-ontological resources that have already reached some consensus by standardization bodies.
The Trento H&WB Territorial Lab is a living lab located in Trento, Italy that focuses on health and well-being. It is operated as a partnership between a consortium, social partners, SMEs, and insurance companies. The lab conducts long-term experiments with users in the community to develop and test services. It provides businesses opportunities to test services with users and access to data and research. For users it offers involvement in projects and commitment to improving health services. The lab's activities include monitoring elder daily activities, analyzing human behavior, visualizing data, and developing decision support and workflow systems.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Many UX designers have a blind spot when it comes to creating useful, usable content. If our goal is a great experience for users, then UX designers need to go beyond creating page templates and interaction models and focus on content strategy.
This workshop used the familiar UX design process to talk about how content strategy contributes to activities and deliverables.
A UX practitioner performs user research, analyzes findings through synthesis, and articulates deliverables to guide product development. UX requires a combination of skills including empathy, synthesis, and articulation. Practitioners can achieve competency through formal education, workshops, internships, or years of relevant experience. Getting involved in local UX events and following blogs are other ways to progress in this field.
The document discusses various types of design research mapped across two dimensions: research-led versus design-led, and expert mindset versus participatory mindset. It provides examples of different approaches such as contextual inquiry, lead user innovation, and co-design methods. The overview aims to help designers select the most appropriate research approach based on their goals and the needs of their project.
1. Information architecture is becoming increasingly important as businesses transition fully to the digital space.
2. User-centered design principles should be at the core of how information architecture and interaction design are approached to ensure solutions meet user needs.
3. The motivations, needs, and experiences of users must be understood through techniques like cognitive empathy in order to create compassionate and effective digital solutions.
This document discusses content strategy and how it has become essential for organizations. It outlines how the role of content strategist has expanded from focusing solely on information architecture to encompassing a broader set of responsibilities including content planning, governance, and quality evaluation. The presentation emphasizes that effective content strategy requires looking beyond templates to consider user needs and evaluating existing content. It provides examples of how to think more holistically about an organization's content needs.
Service design is an interdisciplinary approach that combines tools from various disciplines to create well-designed experiences. It focuses on defining services through requirements analysis, understanding user needs, discovering opportunities through co-creation, designing service concepts, and implementing solutions through prototyping. The goal is to innovate or improve existing services to make them more useful, usable, and desirable for end users.
UX Designers play many roles on a project. They must conduct primary end-user research, then utilize the findings to Design intuitive information architecture and interaction design, within the constraints of technical platforms.
Web content: it’s the meat in the sandwich, not the icing on the cake. So why does planning for useful, usable content get short shrift in the design and development process? Thinking about the content is always left until the last minute, always thought to be “somebody else’s problem.” Teams are forced into crisis mode at the 11th hour, trying to deal with content that arrives too late, doesn't fit in the designs, or fails to live up to user expectations. In this session, User Experience expert Karen McGrane will talk about why we fail to plan for content, and how everyone involved can help make the process run more smoothly.
20120725 "Value Co-creation in Tourism" in the 1st Conference on Human side o...Tatsunori Hara
This document discusses a research project that aims to incorporate non-expert tourists' designs into expert travel agencies' design of tourism services. It proposes an ecosystem where mass-produced packaged tours evolve to allow more customization and personalization through interactive tour planning systems. This would help attract more independent travelers while leveraging expertise in tour design. The project involves developing design support systems for travel experts and interactive planning tools for tourists to facilitate co-creative design. It also analyzes tourist activity data and "designs by non-experts" to continuously improve services.
MPOWERS is a platform that aims to align spoken dialogue system evaluation approaches through established norms and terminology. It implements user-friendly design conventions to ensure all evaluators share a common corpus of data and evaluation parameters. The platform provides customizable dashboards with commonly defined key performance indicators to give evaluators different analytical views of evaluation data in a goal-driven and data-driven process.
This document discusses engineering innovation and project delivery using Agile, Lean, and Envision principles. It summarizes Envision as a construction management tool that optimizes projects using Agile and Lean principles through features like time tracking, document management, 4D modeling, and business intelligence reporting. Implementing Envision can provide benefits like reduced costs, improved safety and transparency, and increased field productivity for owners, contractors, and field supervisors.
This document summarizes a workshop on creating customer-centered product visions using contextual design. The workshop will have participants analyze customer data to understand user needs and issues, then brainstorm ideas for addressing those needs. Participants will develop multiple visions for how new technologies could improve the customer experience. They will evaluate the visions and consolidate them into a coherent solution. The goal is to redesign products and services around customer needs revealed by contextual inquiry research methods.
Further probing the intersections of design, business, and innovation, swissnex San Francisco hosts a presentation on the new executive curriculum from the California College of the Arts (CCA), the Leading By Design Fellows Program.
Digital Architects provides digital strategy and design services. They help clients identify brand opportunities through digital integration and offer the best solution rather than the option with the highest margins. They have broad experience across different industries and focus on making money for clients. Some past clients include Sustainability Victoria, Transport Accident Commission, and Yering Station winery. For each, they conducted research, developed prototypes, and advocated for the client's needs throughout the process. Their goal is to create great customer experiences through digital channels that drive sales.
PROJECT INTERACTION is a 10-week program where students conceptualize designs to address issues in their community through an Understanding by Design approach. Students conduct market research like interviews and surveys to understand user needs, do ethnographic research through cultural probes to study human behavior, and use participatory design techniques like co-design to engage with users. They then brainstorm, prototype, test, and refine their design concepts. In the final week, students present their pitched design proposals to an audience seeking feedback on making their designs a reality.
A Method for Reusing and Re-engineering Non-ontological Resources for Buildin...Boris Villazón-Terrazas
To speed up the ontology development by reusing and re-engineering
non-ontological resources that have already reached some consensus by standardization bodies.
The Trento H&WB Territorial Lab is a living lab located in Trento, Italy that focuses on health and well-being. It is operated as a partnership between a consortium, social partners, SMEs, and insurance companies. The lab conducts long-term experiments with users in the community to develop and test services. It provides businesses opportunities to test services with users and access to data and research. For users it offers involvement in projects and commitment to improving health services. The lab's activities include monitoring elder daily activities, analyzing human behavior, visualizing data, and developing decision support and workflow systems.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
4. HCI can help
Ethno-
Methodology
Contextual Interaction
Design Programming
Activity
Theory
User
Grounded
Centered
Design
Design
Task
Analysis Participative Usage
Design Centered
Design
Value-
Centered
HCI
Horses for courses?
5. HCI can help
Ethno-
Methodology
s?
Contextual Interaction
t
Design
en
Programming
Activity
m
Theory
re
User
ui
Grounded
Centered
q
Design
Design
re
e
th
Task
t
Participative Usage
ou
Analysis
Design Centered
ab
Design
Value-
Centered
t
ha
HCI
W
Horses for courses?
6. HCI can help
Ethno-
Methodology
s?
Contextual Interaction
W s
t
Design
en
Programming
Activity
m
ha u
Theory
re
User
t a ri
ui
Grounded
Centered
q
Design
Design
re
bo ?
ec
e
th
ut
Task
t
Participative Usage
ou
Analysis
ty
Design
th
Centered
ab
Design
Value-
Centered
e
t
ha
HCI
W
Horses for courses?
7. It’s just an engineering
problem?
“there are many tensions that engineers have still not
begun to explore. For example, ease of use is a
priority in control systems design, and security
usability is known to be hard. Will we see conflicts
between security and safety usability? As a typical
plant operator earns less than $40,000, the ‘Homer
Simpson’ problem is a real one. How do we design
security that Homer can use safely?”
Anderson, R., Fuloria, S. Security Economics and
Critical National Infrastruture. In Eighth Workshop
on the Economics of Information Security (WEIS
2009). 2009
15. Current problems
• Values and Contextfor lack of industrial uptake!
Reasons
• Goals
ts?
en
m
re
ui
q
re
e
th
t
ou
ab
t
ha
W
16. Current problems
• Values and Contextfor lack of industrial uptake!
Reasons
• Goals
W
ts?
en
ha cu
m
re
t a ri
ui
se
q
ebo ty?
reut
tth
th
ou
e
ab
t
ha
W
17. Some Good News
• Environments and Contexts of Use
Environment
User Task
Affordance
Object
18. Some Good News
Elicit Validate &
Scope Analyse
Empirical / Specify Manage
Problem Problem
Conceptual System System
Domain Concerns
Data Evolution
19. Some Good News
ts?
en
m
re
qui
re
Elicit Validate &
Scope Analyse
Empirical / Specify Manage
he
Problem Problem
Conceptual tt System System
Domain Concerns
Data Evolution
ou
t ab
ha
W
20. What is IRIS?
A framework for specifying software systems that are
secure for their contexts of use.
Context of Use
Goal
Task Persona
Misuse
1..*
1..*
Case
Threat 1..* 1
1..*
Motive Accept Transfer Mitigate
* * *Response 1..* Persona
Asset*
1..* Attacker* Task *
1..*
Capability 1..* * 1 *
11 1 *
1..* * Risk * * Response Goal
Risk 1..* * Environment 1*
* 1..* Asset *
* Scenario
*
* 1 1
* *
1 1..* *
1..* Threat * Vulnerability Requirement
Vulnerability * * 1* 4
Countermeasure *
1..* 1..*
1..*1..* Misuse Usability *
Misuse Asset Case Attribute
Countermeasure
Case
* Attacker *
*
Obstacle *
1..4
Security 0..4
Attribute
A Meta-Model for
Usable Secure
Requirements
Engineering
21. What is IRIS?
A framework for specifying software systems that are
secure for their contexts of use.
Empirical Data Participant data
Context of Use
Goal
Establish
Task Persona Scope
Misuse
1..*
1..*
Case
Threat 1..* 1
1..*
CAIRIS
Motive Accept Transfer Mitigate
* * *Response 1..* Persona Database
Asset*
1..* Attacker Task *
* 1..*
Capability 1..* * 1 *
11 1 * Investigate
1..* * Risk * * Response Goal
Risk 1..* * Environment 1*
* 1..* Asset * Contexts
* Scenario
*
* 1 1
* *
1 1..* *
1..* Threat * Vulnerability Requirement
Vulnerability * * 1* 4
Countermeasure * 9*,*"(2+.
NeuroGrid data upload/data download
Requirements Specification
1..* 1..* i
Requirements
%2().1(4",*45"923(&2*+"+*,* %2().1(4",*45"7?&2*+"+*,*
1..*1..* Misuse Usability * :&').
!""
!"#$%&&'$()*)$+(',+-+'#*'.%/"#0"),
!""
!"" #""
Misuse Asset Case Attribute
Countermeasure Workshops 12(#+,'$()*)$+(',+-+'-#'.%/"#0"),
!$$#""
!"#$%&'()*+,-.'(%#/-#00+**
3#4*(#+,'+*+(5&)&',+-+ ;%$/"%',+-+'+*+(5&)&
!$$#""
;%$/"%'4#"?@#4'&/A7)&&)#*
Case
* Attacker * %&'.(,"32154,*,'2( :(*&;4'4"+*,*
!$$#""
%&'(')*&"+*,* -215<23
*
*
1..4 Obstacle
!$$#""
12(#+,'+/-8#")&+-)#* 6*#*57)&%',+-+ ;%$/"%',+-+'-"+*&7)&&)#* .%/"#0"),'2#"-+('+$$%&& 3#4*(#+,'+/-8#")&+-)#*
3.4(2',A*5(*))/
"45($-.-$&$
!$$#""
Security 0..4 93<= 93<>
-./0/1234.1
!<= !<> .%/"#0"),'/&%"'+/-8#")&+-)#* 9%"-):$+-%')*&-+((+-)#*
%2().1(4"2/4,*)&."%.1,'8)*,."4=*1'(>
Attribute 1+(%)20#%+-*&#()"3 !"" 1'"%('/-4+5-5('4*+(
ADC'.(+,6*28+B./(1)<,!)/+(742+),@44)11
1*+/-8#")&%,'2#"-+('+$$%&&
!2/.'
:(#$,$/#"%-0+(%)20#%+-#../)0#%)'"
!!"#$%&'()*+,-./,)&*01$&,.211,++.&'),$&,#+33
&#%
NeuroGrid data upload/data download Requirements
Specification
!"" #"" &#$
E)9#9/.-1)/
3.4(2',)*5(*))/(*5
25*1,
12(#+,',+-+
!"" !"""
&./+2'
6*28+B./(1)<,!)/+(742+),@44)11
".-*'.2<,<2+2
!"" !"" &)/1.*2',4)/+(742+)
!'()*+,-./01+2+(.*
74.1"%.1,'8)*,. 621,*& 6.142(*&").1,'8)*,.
9%"-):$+-%'&8+")*B 9#*-"#('4%A'A"#4&%" F"+/,/(+*-'$%"-):$+-%'+22()$+-)#*
!!"#$%&'()*+,-./,)&*01$&,.211,++.&'),$&,#+33
6(7#5($-.-$&$
[unresolved
61)/,!)/+(742+)
@*2';1(1,<2+2
8945(*&."#$%&'()*+,-./,)&*01$&,.211,++
!)/+(742+),89(:8(+;
>*?(1(9'),!.'')5)
/$)(5
6C'.2<,<2+2
C;;'DE2(#)- 1*+--%*,%,'4#"?&-+-)#*'+$$%&&
!)/+(742+),1B2/(*5
contexts]
677-89./')% !"#%%+",+,-4'(;*%#%)'"-#00+**
!'(*(42',<2+2
!"#$
!"#%
&2/+(2',2*.*;=(12+(.*
A Meta-Model for Models Requirements Documentation
Usable Secure
Requirements Design Method Tool-support
Engineering
23. Requirements
Engineering
Requirements GORE (KAOS)
User-
Centered
Scenarios Relevant Misuse-Cases Security
Requirements
Design
Personas Concepts Meta-Models
Engineering
Risk
Environments
Analysis
Tasks Responsibility
Modelling
Information
HCI
Security
24. Example: Modifying PLC
Software
• Programmable Logic
Controllers (PLC) control
clean and waste water
processes.
• Modifications may be
made under duress.
• Accidental or deliberate
errors can be catastrophic.
31. Workshop
Walkthrough
• Persona Validation
Alan
• “There’s a lot of ignorance out there”
• Conscious of vulnerabilities arising from
complex tools.
• Hopes the repository will encourage a
standardised approach to software changes
and backups.
Wednesday, 16 December 2009
32. Workshop
Walkthrough
• Persona Validation
• Asset Modelling
37. Observations
• A natural process to participants.
• Modelling environments increases
participant sensitivity to them.
• Risk Analysis is more about the destination
than the journey.
• We can’t replace creativity, but we can help
innovation.
38. Thank you for listening!
• Any questions?
Acknowledgements
This research was funded by the
EPSRC CASE Studentship R07437/
CN001.
We are also grateful to Qinetiq Ltd
for their sponsorship of this work.