Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC

Sara Nikula, Célia Martinie, Philippe Palanque, Julius Hekkala, Outi-Marja Latvala, Kimmo Halunen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

3 Citations (Scopus)

Abstract

The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.
Original languageEnglish
Title of host publicationHuman-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022
Subtitle of host publicationProceedings
EditorsRegina Bernhaupt, Carmelo Ardito, Stefan Sauer
PublisherSpringer
Pages70-89
Number of pages20
ISBN (Electronic)978-3-031-14785-2
ISBN (Print)978-3-031-14784-5
DOIs
Publication statusPublished - 16 Aug 2022
MoE publication typeA4 Article in a conference publication
Event9th IFIP WG 13.2 International Working Conference, HCSE 2022 - Eindhoven, Netherlands
Duration: 24 Aug 202226 Aug 2022

Publication series

SeriesLecture Notes in Computer Science
Volume13482
ISSN0302-9743

Conference

Conference9th IFIP WG 13.2 International Working Conference, HCSE 2022
Country/TerritoryNetherlands
CityEindhoven
Period24/08/2226/08/22

Keywords

  • Human understandable cryptography
  • Task modeling
  • Usable security
  • Visual channel

Fingerprint

Dive into the research topics of 'Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC'. Together they form a unique fingerprint.

Cite this