CAIRIS


Overview
CAIRIS is an open-source tool that helps designers build security into their software design.  CAIRIS is maintained by BUCSR researchers, and can manage and visualise security and usability design models, leverage attack and architectural patterns, and import and export data in a variety of formats.

More recently, we have been exploring how CAIRIS might be used by other stakeholders in usability and security.  For example, by security engineers carrying out threat modelling or integrating risk models into other security mechanisms like access control systems, and by usability engineers who want to use or make sense of artefacts like personas and task models.

More information about CAIRIS can be found on the tool’s website.

Contacts: Shamal Faily, Jane Henriksen-Bulmer, Duncan Ki-Aries

Funders: Bournemouth University, DCMS / SETsquared Partnership, EPSRC, European Commission, Innovate UK

Collaborators: Eindhoven University of Technology, Politecnico di Torino, University of Oxford

Related Publications

  • S. Faily, Designing Usable and Secure Software with IRIS and CAIRIS, Springer, 2018.
    [Bibtex]
    @book{fail18,
    author = {Shamal Faily},
    title = {{Designing Usable and Secure Software with IRIS and CAIRIS}},
    publisher = {Springer},
    note = {In Press},
    year = {2018}
    }
  • S. Faily and C. Iacob, “Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS,” in Proceedings of 4th International Workshop on Evolving Security & Privacy Requirements Engineering, 2017.
    [Bibtex]
    @inproceedings{faia17,
    Author = {Shamal Faily and Claudia Iacob},
    Booktitle = {{Proceedings of 4th International Workshop on Evolving Security \& Privacy Requirements Engineering}},
    Title = {{Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS}},
    Note = {To Appear},
    Year = {2017}}
  • S. Faily and I. Fléchais, “Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS,” in Designing Interactive Secure Systems: Workshop at British HCI 2012, 2012.
    [Bibtex]
    @inproceedings{fafl121,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Designing Interactive Secure Systems: Workshop at British HCI 2012}},
    Title = {Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS},
    Year = {2012}}
  • S. Faily, J. Lyle, C. Namiluko, A. Atzeni, and C. Cameroni, “Model-driven architectural risk analysis using architectural and contextualised attack patterns,” in Proceedings of the Workshop on Model-Driven Security, 2012, p. 3:1–3:6.
    [Bibtex]
    @inproceedings{faln12,
    Author = {Faily, Shamal and Lyle, John and Namiluko, Cornelius and Atzeni, Andrea and Cameroni, Cesare},
    Booktitle = {Proceedings of the Workshop on Model-Driven Security},
    Pages = {3:1--3:6},
    Publisher = {ACM},
    Title = {Model-driven architectural risk analysis using architectural and contextualised attack patterns},
    Year = {2012}}
  • S. Faily and J. Lyle, “Guidelines for Integrating Personas into Software Engineering Tools,” in Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems, 2013, p. 69–74.
    [Bibtex]
    @inproceedings{faly131,
    Author = {Shamal Faily and John Lyle},
    Booktitle = {Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems},
    Pages = {69--74},
    Publisher = {ACM},
    Series = {EICS '13},
    Title = {Guidelines for Integrating Personas into Software Engineering Tools},
    Year = {2013}}
  • S. Faily and I. Fléchais, “Towards tool-support for Usable Secure Requirements Engineering with CAIRIS,” International Journal of Secure Software Engineering, vol. 1, iss. 3, p. 56–70, 2010.
    [Bibtex]
    @article{fafl103,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {International Journal of Secure Software Engineering},
    Month = {July-September},
    Number = {3},
    Organization = {IGI Global},
    Pages = {56--70},
    Title = {{Towards tool-support for Usable Secure Requirements Engineering with CAIRIS}},
    Volume = {1},
    Year = {2010}}