{"id":"https://openalex.org/W7116933389","doi":"https://doi.org/10.1145/3727967.3756849","title":"Persona-driven approach to enhance security requirement elicitation","display_name":"Persona-driven approach to enhance security requirement elicitation","publication_year":2025,"publication_date":"2025-06-17","ids":{"openalex":"https://openalex.org/W7116933389","doi":"https://doi.org/10.1145/3727967.3756849"},"language":null,"primary_location":{"id":"doi:10.1145/3727967.3756849","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756849","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3727967.3756849","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018309143","display_name":"Daria Levaniuk","orcid":"https://orcid.org/0000-0002-9043-3568"},"institutions":[{"id":"https://openalex.org/I63548447","display_name":"Lappeenranta-Lahti University of Technology","ror":"https://ror.org/0208vgz68","country_code":"FI","type":"education","lineage":["https://openalex.org/I63548447"]}],"countries":["FI"],"is_corresponding":true,"raw_author_name":"Daria Levaniuk","raw_affiliation_strings":["Software Engineering Department, LUT University, Lappeenranta, Finland"],"raw_orcid":"https://orcid.org/0000-0002-9043-3568","affiliations":[{"raw_affiliation_string":"Software Engineering Department, LUT University, Lappeenranta, Finland","institution_ids":["https://openalex.org/I63548447"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064718337","display_name":"Bilal Naqvi","orcid":"https://orcid.org/0000-0001-5271-5604"},"institutions":[{"id":"https://openalex.org/I63548447","display_name":"Lappeenranta-Lahti University of Technology","ror":"https://ror.org/0208vgz68","country_code":"FI","type":"education","lineage":["https://openalex.org/I63548447"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Bilal Naqvi","raw_affiliation_strings":["Software Engineering Department, LUT University, Lappeenranta, Finland"],"raw_orcid":"https://orcid.org/0000-0001-5271-5604","affiliations":[{"raw_affiliation_string":"Software Engineering Department, LUT University, Lappeenranta, Finland","institution_ids":["https://openalex.org/I63548447"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111122026","display_name":"Muhammad Azeem Akbar","orcid":"https://orcid.org/0000-0002-4906-6495"},"institutions":[{"id":"https://openalex.org/I63548447","display_name":"Lappeenranta-Lahti University of Technology","ror":"https://ror.org/0208vgz68","country_code":"FI","type":"education","lineage":["https://openalex.org/I63548447"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Muhammad Azeem Akbar","raw_affiliation_strings":["Software Engineering Department, LUT University, Lappeenranta, Finland"],"raw_orcid":"https://orcid.org/0000-0002-4906-6495","affiliations":[{"raw_affiliation_string":"Software Engineering Department, LUT University, Lappeenranta, Finland","institution_ids":["https://openalex.org/I63548447"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075512350","display_name":"Antti Knutas","orcid":"https://orcid.org/0000-0002-6953-0021"},"institutions":[{"id":"https://openalex.org/I63548447","display_name":"Lappeenranta-Lahti University of Technology","ror":"https://ror.org/0208vgz68","country_code":"FI","type":"education","lineage":["https://openalex.org/I63548447"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Antti Knutas","raw_affiliation_strings":["Software Engineering Department, LUT University, Lappeenranta, Finland"],"raw_orcid":"https://orcid.org/0000-0002-6953-0021","affiliations":[{"raw_affiliation_string":"Software Engineering Department, LUT University, Lappeenranta, Finland","institution_ids":["https://openalex.org/I63548447"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5018309143"],"corresponding_institution_ids":["https://openalex.org/I63548447"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.60447607,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"49","last_page":"55"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T14074","display_name":"Persona Design and Applications","score":0.98089998960495,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T14074","display_name":"Persona Design and Applications","score":0.98089998960495,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.0026000000070780516,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10803","display_name":"Innovative Human-Technology Interaction","score":0.00139999995008111,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.7063000202178955},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.6714000105857849},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.6514000296592712},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.6262000203132629},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.595300018787384},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.5778999924659729},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5486999750137329},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.503000020980835},{"id":"https://openalex.org/keywords/requirements-elicitation","display_name":"Requirements elicitation","score":0.48019999265670776}],"concepts":[{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.7063000202178955},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.6714000105857849},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.6514000296592712},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.6262000203132629},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.595300018787384},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.5778999924659729},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5667999982833862},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5559999942779541},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5486999750137329},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.503000020980835},{"id":"https://openalex.org/C45384764","wikidata":"https://www.wikidata.org/wiki/Q838667","display_name":"Requirements elicitation","level":4,"score":0.48019999265670776},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.44119998812675476},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.3774000108242035},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.36809998750686646},{"id":"https://openalex.org/C6353995","wikidata":"https://www.wikidata.org/wiki/Q17027910","display_name":"Human-computer interaction in information security","level":5,"score":0.3474999964237213},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.335099995136261},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.33180001378059387},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.3230000138282776},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3179999887943268},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.31200000643730164},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.2840000092983246},{"id":"https://openalex.org/C6604083","wikidata":"https://www.wikidata.org/wiki/Q376937","display_name":"Requirements engineering","level":3,"score":0.27379998564720154},{"id":"https://openalex.org/C2779449393","wikidata":"https://www.wikidata.org/wiki/Q302285","display_name":"Human security","level":2,"score":0.26579999923706055},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2590999901294708},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2587999999523163},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.25859999656677246},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.2563000023365021},{"id":"https://openalex.org/C178639896","wikidata":"https://www.wikidata.org/wiki/Q604035","display_name":"Logical security","level":5,"score":0.2529999911785126},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.251800000667572}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3727967.3756849","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756849","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3727967.3756849","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756849","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1036550512","https://openalex.org/W2018170191","https://openalex.org/W2145813135","https://openalex.org/W2146218629","https://openalex.org/W2164955012","https://openalex.org/W2277479594","https://openalex.org/W2428171027","https://openalex.org/W2560350721","https://openalex.org/W2585818648","https://openalex.org/W2743584090","https://openalex.org/W2894149177","https://openalex.org/W2909940083","https://openalex.org/W2937314533","https://openalex.org/W3007858160","https://openalex.org/W3012489869","https://openalex.org/W3041681877","https://openalex.org/W3091198691","https://openalex.org/W3112531412","https://openalex.org/W3122482990","https://openalex.org/W3158739322","https://openalex.org/W3166592574","https://openalex.org/W4207033904","https://openalex.org/W4288057734","https://openalex.org/W4293052844","https://openalex.org/W4312635378","https://openalex.org/W4312952607","https://openalex.org/W4313005641","https://openalex.org/W4323240807","https://openalex.org/W4327843945","https://openalex.org/W4362513283","https://openalex.org/W4380361656","https://openalex.org/W4388036067","https://openalex.org/W4399572332","https://openalex.org/W4399573325","https://openalex.org/W4405671532"],"related_works":[],"abstract_inverted_index":{"Security":[0],"Requirements":[1],"Engineering":[2],"(SRE)":[3],"is":[4],"a":[5,32,79],"fundamental":[6],"process":[7],"in":[8,23,34,86],"the":[9,24,56,62,64,87,96,99,116,119],"development":[10,26,92],"of":[11,38,58,90,98,121],"secure":[12],"systems,":[13],"ensuring":[14],"that":[15,49,82,145],"security":[16,39,47,59,71,100,122,139,143,153,157],"needs":[17],"are":[18,50],"identified":[19],"and":[20,93,107,114,135,155],"addressed":[21],"early":[22,88],"software":[25],"lifecycle.":[27],"However,":[28],"existing":[29],"literature":[30],"highlights":[31],"gap":[33],"integrating":[35],"human":[36,53,84,126],"aspects":[37],"within":[40],"SRE,":[41],"which":[42],"can":[43],"lead":[44],"to":[45,52,66,132,141],"complex":[46],"solutions":[48],"prone":[51],"errors,":[54],"increasing":[55],"risk":[57],"breaches.":[60],"Over":[61],"years,":[63],"need":[65],"incorporate":[67],"user-centric":[68],"approaches":[69],"into":[70],"design":[72,142],"has":[73],"become":[74],"apparent.":[75],"This":[76],"paper":[77],"presents":[78],"persona-based":[80],"approach":[81,117],"incorporates":[83],"factors":[85],"stages":[89],"system":[91],"thereby":[94],"improves":[95],"quality":[97],"requirements":[101],"elicitation":[102],"process.":[103],"By":[104],"characterizing":[105],"users":[106],"attackers":[108],"based":[109],"on":[110],"their":[111],"needs,":[112],"motivations,":[113],"behaviors,":[115],"enhances":[118],"identification":[120],"vulnerabilities":[123],"arising":[124],"from":[125],"interactions.":[127],"The":[128],"proposed":[129],"methodology":[130],"contributes":[131],"both":[133],"research":[134],"practice":[136],"by":[137],"enabling":[138],"engineers":[140],"mechanisms":[144],"align":[146],"with":[147],"user":[148,152],"behavior,":[149],"ultimately":[150],"improving":[151],"engagement":[154],"reducing":[156],"risks.":[158]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2025-12-23T00:00:00"}