Most security research focuses on the technical aspects of systems. We consider security from a user-centred point of view. We focus on cognitive processes that influence security of information flow from the user to the computer system. For this, we extend our framework developed for the verification of usability properties. Finally, we consider small examples to illustrate the ideas and approach, and show how some confidentiality leaks, caused by a combination of an inappropriate design and certain aspects of human cognition, can be detected within our framework. Keywords: human error, security, cognitive architecture, formal verification, SAL.
The term “Human error” can simply be defined as an error which made by a human. In fact, Human error...
Information security breaches is a current serious issue that has been faced by many organizations. ...
Traditionally, security is only considered as strong as its weakest link, and people were considered...
AbstractMost security research focuses on the technical aspects of systems. We consider security fro...
Abstract. Computer security has traditionally been assessed from a technical point of view. Another ...
Abstract. The correct functioning of interactive computer systems depends on both the faultless oper...
Many secure systems rely on a “human in the loop” to perform security-critical functions. However, h...
Many secure systems rely on a “human in the loop ” to perform security-critical functions. However, ...
We propose a formal model to analyze security protocols with human interaction. We model humans with...
Inadvertent and Irrational human errors (e.g., clicking on phishing emails) have been the primary ca...
AbstractThis paper describes a model-checking based methodology to detect systematic errors commonly...
peer reviewedThis paper discusses whether usable security is unattainable for some security tasks du...
In security science, efficient operation depends typically on the interaction between technology, hu...
165 pagesThis thesis consists of two parts, representing two separate strands of research.The first ...
Growing attention is being paid to application security at requirements engineering time. Confidenti...
The term “Human error” can simply be defined as an error which made by a human. In fact, Human error...
Information security breaches is a current serious issue that has been faced by many organizations. ...
Traditionally, security is only considered as strong as its weakest link, and people were considered...
AbstractMost security research focuses on the technical aspects of systems. We consider security fro...
Abstract. Computer security has traditionally been assessed from a technical point of view. Another ...
Abstract. The correct functioning of interactive computer systems depends on both the faultless oper...
Many secure systems rely on a “human in the loop” to perform security-critical functions. However, h...
Many secure systems rely on a “human in the loop ” to perform security-critical functions. However, ...
We propose a formal model to analyze security protocols with human interaction. We model humans with...
Inadvertent and Irrational human errors (e.g., clicking on phishing emails) have been the primary ca...
AbstractThis paper describes a model-checking based methodology to detect systematic errors commonly...
peer reviewedThis paper discusses whether usable security is unattainable for some security tasks du...
In security science, efficient operation depends typically on the interaction between technology, hu...
165 pagesThis thesis consists of two parts, representing two separate strands of research.The first ...
Growing attention is being paid to application security at requirements engineering time. Confidenti...
The term “Human error” can simply be defined as an error which made by a human. In fact, Human error...
Information security breaches is a current serious issue that has been faced by many organizations. ...
Traditionally, security is only considered as strong as its weakest link, and people were considered...