Security-critical systems typically place some
requirements on the behaviour of their users, obliging them
to follow certain instructions when using those systems.
Security vulnerabilities can arise when users do not fully
satisfy their obligations. In this paper, we propose an
approach that improves system security by ensuring that
attack scenarios are mitigated even when the users deviate
from their expected behaviour. e approach uses structured
transition systems to present and reason about user obligations. e aim is to identify potential vulnerabilities by
weakening the assumptions on how the user will behave. We
present an algorithm that combines iterative abstraction and
controller synthesis to produce a new so ware speci cation
that maintains the satisfaction of security requirements while
weakening user obligations. We demonstrate the feasibility
of our approach through two examples from the e-voting and
e-commerce domains