Threat Modelling in User Performed Authentication
Date: October 2008
Publication: Proceedings of the 10th International Conference on Information and Communications Security (ICICS '08)
Page(s): 49 - 64
Source 1: https://www-users.cs.york.ac.uk/%7Ejac/PublishedPapers/ThreatModellingUserAuthenticationICICS2008.pdf
Source 2: https://doi.org/10.1007/978-3-540-88625-9_4 - Subscription or payment required
Abstract or Summary:
User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSignís OpenID authentication mechanism.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.