Modelling and analysing cognitive causes of security breaches

Bibliographic details
Published in: Innovations in systems and software engineering 2008-06, Vol.4 (2), p.143-160
Main authors: Rukšėnas, Rimvydas; Curzon, Paul; Blandford, Ann
Format: Article
Language: eng
Description
Summary: In this paper we are concerned with security issues that arise in the interaction between user and system. We focus on cognitive processes that affect security of information flow from the user to the computer system and the resilience of the whole system to intruder attacks. For this, we extend our framework developed for the verification of usability properties by introducing two kinds of intruder models, an observer and an active intruder, with the associated security properties. Finally, we consider small examples to illustrate the ideas and approach. These examples demonstrate how our framework can be used (a) to detect confidentiality leaks, caused by a combination of an inappropriate design and certain aspects of human cognition, and (b) to identify designs more susceptible to cognitively based intruder attacks.
ISSN: 1614-5046, 1614-5054
DOI: 10.1007/s11334-008-0050-7