这是Johnny:开发攻击者角色的方法论

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.1109/ARES.2011.115

Andrea S. Atzeni, Cesare Cameroni, Shamal Faily, J. Lyle, I. Flechais

{"title":"这是Johnny:开发攻击者角色的方法论","authors":"Andrea S. Atzeni, Cesare Cameroni, Shamal Faily, J. Lyle, I. Flechais","doi":"10.1109/ARES.2011.115","DOIUrl":null,"url":null,"abstract":"The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"39","resultStr":"{\"title\":\"Here's Johnny: A Methodology for Developing Attacker Personas\",\"authors\":\"Andrea S. Atzeni, Cesare Cameroni, Shamal Faily, J. Lyle, I. Flechais\",\"doi\":\"10.1109/ARES.2011.115\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.\",\"PeriodicalId\":254443,\"journal\":{\"name\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"39\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2011.115\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.115","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 39

摘要

对抗性元素是安全系统设计的内在组成部分，但我们对攻击者和威胁的假设往往是有限的或刻板的。虽然之前有研究将以用户为中心的设计应用到角色开发中，为可能的攻击者构建角色，但这样的工作只是推测性的，没有建立在最近的研究基础上。本文提出了一种开发攻击者角色的方法，该方法以攻击者的结构化数据为基础并进行验证。我们描述了一个案例研究示例，其中角色被开发并用于支持EU FP7 webinos项目的使用上下文描述的开发。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Here's Johnny: A Methodology for Developing Attacker Personas

The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量

期刊最新文献

Security Issues in a Synchronous e-Training Platform Deriving Current State RBAC Models from Event Logs Hidden Price of User Authentication: Cost Analysis and Stakeholder Motivation A Proposed Web Access Control System Request Policy Framework for Cooperation of DNS and a Web Browser Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots