CAIRIS (Computer Aided Integration of Requirements and Information Security) is a Requirements Management tool for specifying secure and usable systems. CAIRIS was built from the ground-up to support the elements necessary for usability, requirements, and risk analysis. CAIRIS features include:
- Support for KAOS goal and obstacle modelling, and traceability between goal, requirements, security, and usability model elements.
- Support for entering and managing usability data, such as personas, tasks, and use cases
- Support for entering and managing risk analysis data.
- Support for specifying attack patterns to reason about potential attacks.
- The ability to import architectural patterns to automatically derive attack surface metrics based on them.
- Automatic visualisation of models, and quantitative/qualitative scoring of security and usability data
- Automatic document generation of a VOLERE compliant requirements specification.
CAIRIS should run on most recent flavours of Linux. See the CAIRIS website for installation instructions and manual.