Tun, Thein Than; Bennaceur, Amel and Nuseibeh, Bashar
(2020).
DOI: https://doi.org/10.1109/RE48521.2020.00023
Abstract
Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations.
In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. The approach uses structured transition systems to present and reason about user obligations. The aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new software specification that maintains the satisfaction of security requirements while weakening user obligations.
We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains.
About
- Item ORO ID
- 71207
- Item Type
- Conference or Workshop Item
- ISBN
- 1-72817-438-4, 978-1-72817-438-9
- ISSN
- 2332-6441
- Project Funding Details
- Funded Project Name: SAUSE: Secure, Adaptive, Usable Software Engineering; Project ID: EP/R013144/1 (previous: EP/R005095/1); Funding Body: EPSRC (Engineering and Physical Sciences Research Council)
- Keywords
- System security; user behaviour; e-voting
- Academic Unit or School
- Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
- Faculty of Science, Technology, Engineering and Mathematics (STEM)
- Research Group
- Software Engineering and Design (SEAD)
- Copyright Holders
- © 2020 IEEE
- Depositing User
- Amel Bennaceur