University of Oulu

Nikula, S., Martinie, C., Palanque, P., Hekkala, J., Latvala, OM., Halunen, K. (2022). Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. In: Bernhaupt, R., Ardito, C., Sauer, S. (eds) Human-Centered Software Engineering. HCSE 2022. Lecture Notes in Computer Science, vol 13482. Springer, Cham. https://doi.org/10.1007/978-3-031-14785-2_5

Models-based analysis of both user and attacker tasks : application to EEVEHAC

Saved in:
Author: Nikula, Sara1; Martinie, Célia2; Palanque, Philippe2;
Organizations: 1VTT Technical Research Centre of Finland, Kaitoväylä 1, 90571, Oulu, Finland
2ICS-IRIT, Université Toulouse III - Paul Sabatier, Toulouse, France
3University of Oulu, Oulu, Finland
Format: article
Version: accepted version
Access: embargoed
Persistent link: http://urn.fi/urn:nbn:fi-fe2022092159712
Language: English
Published: Springer Nature, 2022
Publish Date: 2023-08-16
Description:

Abstract

The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.

see all

Series: Lecture notes in computer science
ISSN: 0302-9743
ISSN-E: 1611-3349
ISSN-L: 0302-9743
ISBN: 978-3-031-14785-2
ISBN Print: 978-3-031-14784-5
Volume: 13482
Pages: 70 - 89
DOI: 10.1007/978-3-031-14785-2_5
OADOI: https://oadoi.org/10.1007/978-3-031-14785-2_5
Host publication: Human-Centered Software Engineering: HCSE 2022
Host publication editor: Bernhaupt, R.
Ardito, C.
Sauer, S.
Conference: International conference on human-centred software engineering
Type of Publication: A4 Article in conference proceedings
Field of Science: 113 Computer and information sciences
Subjects:
Copyright information: © 2022 IFIP International Federation for Information Processing. This is a post-peer-review, pre-copyedit version of an article published in Human-Centered Software Engineering. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-031-14785-2_5.