University of Limerick
Browse
- No file added yet -

OASIS: Weakening user obligations for security-critical systems

Download (602.6 kB)
conference contribution
posted on 2021-01-11, 15:58 authored by Thein Than Tun, Amel Bennaceur, Bashar NuseibehBashar Nuseibeh
Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations. In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. e approach uses structured transition systems to present and reason about user obligations. e aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new so ware speci cation that maintains the satisfaction of security requirements while weakening user obligations. We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains

Funding

Earthquake Damageability of Low-Rise Construction

Directorate for Engineering

Find out more...

History

Publication

2020 IEEE 28th International Requirements Engineering Conference (RE);pp. 113-124

Publisher

IEEE Computer Society

Note

peer-reviewed

Other Funding information

SFI, EPSRC

Rights

© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

English

Usage metrics

    University of Limerick

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC