University of Limerick Institutional Repository

OASIS: Weakening user obligations for security-critical systems

DSpace Repository

Show simple item record

dc.contributor.author Tun, Thein Than
dc.contributor.author Bennaceur, Amel
dc.contributor.author Nuseibeh, Bashar
dc.date.accessioned 2021-01-11T15:58:53Z
dc.date.available 2021-01-11T15:58:53Z
dc.date.issued 2020
dc.identifier.uri http://hdl.handle.net/10344/9594
dc.description peer-reviewed en_US
dc.description.abstract Security-critical systems typically place some requirements on the behaviour of their users, obliging them to follow certain instructions when using those systems. Security vulnerabilities can arise when users do not fully satisfy their obligations. In this paper, we propose an approach that improves system security by ensuring that attack scenarios are mitigated even when the users deviate from their expected behaviour. e approach uses structured transition systems to present and reason about user obligations. e aim is to identify potential vulnerabilities by weakening the assumptions on how the user will behave. We present an algorithm that combines iterative abstraction and controller synthesis to produce a new so ware speci cation that maintains the satisfaction of security requirements while weakening user obligations. We demonstrate the feasibility of our approach through two examples from the e-voting and e-commerce domains en_US
dc.language.iso eng en_US
dc.publisher IEEE Computer Society en_US
dc.relation 13RC2094 en_US
dc.relation.ispartofseries 2020 IEEE 28th International Requirements Engineering Conference (RE);pp. 113-124
dc.relation.uri http://dx.doi.org/10.1109/RE48521.2020.00023
dc.rights © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. en_US
dc.subject system security en_US
dc.subject user behaviour en_US
dc.subject e-voting en_US
dc.title OASIS: Weakening user obligations for security-critical systems en_US
dc.type info:eu-repo/semantics/conferenceObject en_US
dc.type.supercollection all_ul_research en_US
dc.type.supercollection ul_published_reviewed en_US
dc.identifier.doi 10.1109/RE48521.2020.00023
dc.contributor.sponsor SFI en_US
dc.contributor.sponsor EPSRC en_US
dc.relation.projectid 13/RC/2094 en_US
dc.rights.accessrights info:eu-repo/semantics/openAccess en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search ULIR


Browse

My Account

Statistics