Thumbnail Image
Publication

OASIS: Weakening user obligations for security-critical systems

Date
2020
Abstract
Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations. In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. e approach uses structured transition systems to present and reason about user obligations. e aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new so ware speci cation that maintains the satisfaction of security requirements while weakening user obligations. We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains
Supervisor
Description
peer-reviewed
Publisher
IEEE Computer Society
Citation
2020 IEEE 28th International Requirements Engineering Conference (RE);pp. 113-124
Collections
Lero - The Science Foundation Ireland Research Centre for Software
Show all metadata
Files
Thumbnail Image
Nuseibeh_2020_OASIS.pdf
Adobe PDF602.6 KB
Keywords
system security, user behaviour, e-voting
ULRR Identifiers
https://hdl.handle.net/10344/9594
 https://doi.org/10.34961/643
Funding code
Funding Information
Science Foundation Ireland (SFI), EPSRC
Sustainable Development Goals
External Link
License
Embedded videos