Modelling and analysing cognitive causes of security breaches.
Innovations in Systems and Software Engineering
In this paper we are concerned with security issues that arise in the interaction between user and system. We focus on cognitive processes that affect security of information flow from the user to the computer system and the resilience of the whole system to intruder attacks. For this, we extend our framework developed for the verification of usability properties by introducing two kinds of intruder models, an observer and an active intruder, with the associated security properties. Finally, we consider small examples to illustrate the ideas and approach. These examples demonstrate how our framework can be used (a) to detect confidentiality leaks, caused by a combination of an inappropriate design and certain aspects of human cognition, and (b) to identify designs more susceptible to cognitively based intruder attacks. © Springer-Verlag London Limited 2008.
|Title:||Modelling and analysing cognitive causes of security breaches|
|Keywords:||Cognitive architecture, Formal verification, Human error, SAL, Security|
|UCL classification:||UCL > School of BEAMS > Faculty of Engineering Science
UCL > School of BEAMS > Faculty of Engineering Science > Computer Science
Archive Staff Only