Here's Johnny: A Methodology for Developing Attacker Personas

Atzeni, Andrea; Cameroni, Cesare; Faily, Shamal; Lyle, John; Fléchais, Ivan

doi:10.1109/ares.2011.115

Cited by 37 publications

(36 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they do have parallels in other aspects of software engineering. Brainstormed Attacker Profiles relates to the HCI concept of 'personas'; Atzeni et al [4], describe an analytic (rather than brainstorm) approach to generating attacker personas. Cross-team Security Discussion relates to the large amount of work available on collaboration between distributed teams [10].…”

Section: A Relationship To Existing Workmentioning

confidence: 99%

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Weir¹,

Rashid²,

Noble³

2017

Proceedings 2nd European Workshop on Usable Security

View full text Add to dashboard Cite

Abstract-The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.

show abstract

Section: A Relationship To Existing Workmentioning

confidence: 99%

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Weir¹,

Rashid²,

Noble³

2017

Proceedings 2nd European Workshop on Usable Security

View full text Add to dashboard Cite

show abstract

“…This introduces problems as we cannot interview actual attackers. In [8] this has been dealt with by developing personas by using assumptions of their character. In this paper we introduce the concept of narratives, or storytelling, which puts personas in a general context where motives and goals are based on the situation and surrounding, rather than solely on individual goals.…”

Section: Personas As a Way To Present Users To Security Designersmentioning

confidence: 99%

“…Still, such criminal actors are hard to find, harder to interview, and even harder to reveal. In this paper we follow-up on recent work [8] and propose a solution based on a methodology being highly appreciated within the practical user-centered design community-the persona methodology.…”

Section: Introductionmentioning

confidence: 99%

Framing the Attacker in Organized Cybercrime

Tariq

Brynielsson

Artman

2012

2012 European Intelligence and Security Informatics Conference

View full text Add to dashboard Cite

Abstract-When large values are at stake, the attacker and the attacker's motives cannot be easily modeled, since both the organization at stake and the possible attackers are unique and have complex motives. Hence, rather than using stereotypical attacker models, recent work proposes realistic profiling of the opponent by the use of user-centered design principles in form of the persona methodology.Today, cybercrime is often organized, i.e., attacks are planned and executed by an organization that has put together a tailormade team consisting of the necessary skills for the task. The actual individuals taking part in the attack might not be aware of or interested in the overall organizational motives. Rather, taking motives behind espionage, fraud, etc., into account requires consideration of the attacking organization rather than the individuals. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational motives in order to tackle organized cybercrime. The resulting framework presented in the paper extends the attacker persona methodology by also using narratives in order to assess the own organization's security. These narratives give rise to intrigue sketches involving any number of attacker personas which, hence, make it possible to take organized cybercrime into account.

show abstract

“…Attack trees [26] were created to visually and systematically represent how these personas might launch certain attacks. More information on how attacker personas were created and used can be found in [1].…”

Section: ) Attackersmentioning

confidence: 99%

“…This allows developers to carry out their own risk analysis on later versions of webinos specifications, to determine whether webinos meets their own security and privacy expectations, as well as those of the personas in the context of use description. 1 These are downloadable from http://webinos.org IV. DIFFICULTIES While the approach taken was largely successful, it was not entirely problem-free.…”

Section: E Releasing Webinos Design Datamentioning

confidence: 99%

Usability and Security by Design: A Case Study in Research and Development

Faily¹,

Lyle²,

Fléchais³

et al. 2015

Proceedings 2015 Workshop on Usable Security

Self Cite

View full text Add to dashboard Cite

Abstract-There is ongoing interest in utilising user experiences associated with security and privacy to better inform system design and development. However, there are few studies demonstrating how, together, security and usability design techniques can help in the design of secure systems; such studies provide practical examples and lessons learned that practitioners and researchers can use to inform best practice, and underpin future research. This paper describes a three-year study where security and usability techniques were used in a research and development project to develop webinos -a secure, crossplatform software environment for web applications. Because they value innovation over both security and usability, research and development projects are a particularly difficult context of study. We describe the difficulties faced in applying these security and usability techniques, the approaches taken to overcome them, and lessons that can be learned by others trying to build usability and security into software systems.

show abstract

Here's Johnny: A Methodology for Developing Attacker Personas

Cited by 37 publications

References 12 publications

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Framing the Attacker in Organized Cybercrime

Usability and Security by Design: A Case Study in Research and Development

Contact Info

Product

Resources

About