City Research Online

OASIS: Weakening User Obligations for Security-critical Systems

Tun, T. T., Bennaceur, A. & Nuseibeh, B. ORCID: 0000-0002-3476-053X (2020). OASIS: Weakening User Obligations for Security-critical Systems. In: 2020 IEEE 28th International Requirements Engineering Conference (RE). 2020 IEEE 28th International Requirements Engineering Conference (RE), 31 Aug - 4 Sep 2020, Zurich, Switzerland. doi: 10.1109/re48521.2020.00023

Abstract

Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations. In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. The approach uses structured transition systems to present and reason about user obligations. The aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new software specification that maintains the satisfaction of security requirements while weakening user obligations. We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: Copyright © 2020, IEEE; For the purpose of open access, the author(s) has applied a Creative Commons Attribution (CC BY) license
Publisher Keywords: System security, user behaviour, e-voting, Software, Password, Electronic voting, Sociotechnical systems, Automata, Protocols
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Departments: School of Science & Technology
Text - Accepted Version
Available under License Creative Commons Attribution Non-commercial.
