Models-based analysis of both user and attacker tasks : application to EEVEHAC
Nikula, Sara; Martinie, Célia; Palanque, Philippe; Hekkala, Julius; Latvala, Outi-Marja; Halunen, Kimmo (2022-08-16)
Nikula, S., Martinie, C., Palanque, P., Hekkala, J., Latvala, OM., Halunen, K. (2022). Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. In: Bernhaupt, R., Ardito, C., Sauer, S. (eds) Human-Centered Software Engineering. HCSE 2022. Lecture Notes in Computer Science, vol 13482. Springer, Cham. https://doi.org/10.1007/978-3-031-14785-2_5
© 2022 IFIP International Federation for Information Processing. This is a post-peer-review, pre-copyedit version of an article published in Human-Centered Software Engineering. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-031-14785-2_5.
https://rightsstatements.org/vocab/InC/1.0/
https://urn.fi/URN:NBN:fi-fe2022092159712
Tiivistelmä
Abstract
The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.
Kokoelmat
- Avoin saatavuus [34540]