Detecting cognitive causes of confidentiality leaks

R Rukšėnas, Paul Curzon, Ann Blandford
in Proceedings of the First International Workshop on Formal Methods for Interactive Systems (FMIS 2006), Conference paper (text), Amsterdam, The Netherlands


Most security research focuses on the technical aspects of systems. We consider security from a user-centred point of view. We focus on cognitive processes that influence security of information flow from the user to the computer system. For this, we extend our framework developed for the verification of usability properties. Finally, we consider small examples to illustrate the ideas and approach, and show how some confidentiality leaks, caused by a combination of an inappropriate design and certain aspects of human cognition, can be detected within our framework.