|
|
Models-based analysis of both user and attacker tasks : application to EEVEHAC |
|---|---|
| Author: | Nikula, Sara1; Martinie, Célia2; Palanque, Philippe2; |
| Organizations: |
1VTT Technical Research Centre of Finland, Kaitoväylä 1, 90571, Oulu, Finland 2ICS-IRIT, Université Toulouse III - Paul Sabatier, Toulouse, France 3University of Oulu, Oulu, Finland |
| Format: | article |
| Version: | accepted version |
| Access: | open |
| Online Access: | PDF Full Text (PDF, 1.5 MB) |
| Persistent link: | http://urn.fi/urn:nbn:fi-fe2022092159712 |
| Language: | English |
| Published: |
Springer Nature,
2022
|
| Publish Date: | 2023-08-16 |
| Description: |
AbstractThe design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers. see all
|
| Series: |
Lecture notes in computer science |
| ISSN: | 0302-9743 |
| ISSN-E: | 1611-3349 |
| ISSN-L: | 0302-9743 |
| ISBN: | 978-3-031-14785-2 |
| ISBN Print: | 978-3-031-14784-5 |
| Volume: | 13482 |
| Pages: | 70 - 89 |
| DOI: | 10.1007/978-3-031-14785-2_5 |
| OADOI: | https://oadoi.org/10.1007/978-3-031-14785-2_5 |
| Host publication: |
Human-Centered Software Engineering: HCSE 2022 |
| Host publication editor: |
Bernhaupt, R. Ardito, C. Sauer, S. |
| Conference: |
International conference on human-centred software engineering |
| Type of Publication: |
A4 Article in conference proceedings |
| Field of Science: |
113 Computer and information sciences |
| Subjects: | |
| Copyright information: |
© 2022 IFIP International Federation for Information Processing. This is a post-peer-review, pre-copyedit version of an article published in Human-Centered Software Engineering. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-031-14785-2_5.
|