Identifying Implicit Vulnerabilities through Personas as Goal Models
Shamal Faily, Claudia Iacob, Raian Ali, and Duncan Ki-Aries

TL;DR
This paper proposes a tool-supported method to identify hidden vulnerabilities in systems by transforming personas into social goal models, helping stakeholders visualize and analyze potential misalignments between user expectations and system goals.
Contribution
It introduces a novel approach to visualize personas as goal models, enabling the detection of implicit vulnerabilities related to human behavior in requirements engineering.
Findings
Hidden vulnerabilities based on human behavior were successfully identified.
Visualizing personas as goal models improves stakeholder understanding of system risks.
The approach integrates into existing RE tool-chains for better vulnerability detection.
Abstract
When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified.
