ASE2024

Interplay of Human Factors and Secure Architecture Design using Model-Driven Engineering

Robin Theveniaut, Brahim Hamid, Jason Jaskolka

Abstract

When developing a secure software architecture, a development team must collaborate to make critical security-related decisions. The human factors of the development team members play a vital role in secure architecture design and therefore must be considered when forming or evaluating development teams for a software project. In this paper, we present a model-driven approach for studying the interplay of human factors and secure architecture design. Specifically, we propose a conceptual model for considering direct and indirect human factors of the development team during secure software design and a set of modeling languages to represent the human factors. We also provide a questionnaire-based methodology to evaluate human factors of development team members and define team profiles. The approach makes it possible to characterize the human factors desired of team members to achieve the protection goals of software architecture assets, and to determine which team members should participate in the design decision-making to achieve those goals, by matching the desired human factors to members belonging to team profiles. This approach can improve confidence in the decision-making capabilities of teams when faced with critical security-related design decisions. We illustrate the approach using a generic SCADA system use case.