Cairis

Everyone expects the products and services they use to be secure, but ’building security in’ at the earliest stages of a system’s design also means designing for use as well. Software that is unusable to end-users and unwieldy to developers and administrators may be insecure as errors and violations may expose exploitable vulnerabilities.

This book shows how practitioners and researchers can build both security and usability into the design of systems. It introduces the IRIS framework and the open source CAIRIS platform that can guide the specification of secure and usable software. It also illustrates how IRIS and CAIRIS can complement techniques from User Experience, Security Engineering and Innovation & Entrepreneurship in ways that allow security to be addressed at different stages of the software lifecycle without disruption.

Real-world examples are provided of the techniques and processes illustrated in this book, making this text a resource for practitioners, researchers, educators, and students.

Shamal Faily is a Senior Lecturer in Systems Security Engineering at Bournemouth University, and the maintainer of the open-source CAIRIS platform. His research explores how both security and usability can be designed into software systems. In doing so, his work not only provides assurance that security is incorporated into the design of software, but that the software will continue to be secure when used in different physical, social, and cultural contexts of use.