OASIS: Weakening User Obligations for Security-critical Systems
Tun, T. T., Bennaceur, A. & Nuseibeh, B. ORCID: 0000-0002-3476-053X (2020). OASIS: Weakening User Obligations for Security-critical Systems. In: 2020 IEEE 28th International Requirements Engineering Conference (RE), 31 Aug - 4 Sep 2020, Zurich, Switzerland. doi: 10.1109/re48521.2020.00023
Abstract
Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations. In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. The approach uses structured transition systems to present and reason about user obligations. The aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new software specification that maintains the satisfaction of security requirements while weakening user obligations. We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains.
| Publication Type: | Conference or Workshop Item (Paper) |
|---|---|
| Additional Information: | Copyright © 2020, IEEE; For the purpose of open access, the author(s) has applied a Creative Commons Attribution (CC BY) license |
| Publisher Keywords: | System security, user behaviour, e-voting, Software, Password, Electronic voting, Sociotechnical systems, Automata, Protocols |
| Subjects: | H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management; Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
| Departments: | School of Science & Technology |
Available under License Creative Commons Attribution Non-commercial.