TU Darmstadt / ULB / TUbiblio

A Pattern for Secure Graphical User Interface Systems

Fischer, Thomas ; Sadeghi, Ahmad-Reza ; Winandy, Marcel (2009)
A Pattern for Secure Graphical User Interface Systems.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Several aspects of secure operating systems have been analyzed and described as security patterns. However, existing patterns do not cover explicitly the secure interaction of users with the user interface of applications. Especially graphical user interfaces tend to get complex and vulnerable to spoofing and eavesdropping, e.g., due to key loggers or fake dialog windows. A secure user interface system has to provide a trusted path between the user and the application the user intends to use. The trusted path must be able to ensure integrity and confidentiality of the transmitted data, and must allow for the verification of the authenticity of the end points. We present a pattern for secure graphical user interface systems and evaluate its use in different implementations. This pattern shows how to fulfill the security requirements of a trusted path while preserving, in a policy-driven way, the flexibility that graphical user interfaces generally demand.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2009
Autor(en): Fischer, Thomas ; Sadeghi, Ahmad-Reza ; Winandy, Marcel
Art des Eintrags: Bibliographie
Titel: A Pattern for Secure Graphical User Interface Systems
Sprache: Deutsch
Publikationsjahr: August 2009
Verlag: IEEE
Buchtitel: 3rd International Workshop on Secure systems methodologies using patterns (SPattern'09), Proceedings of the 20th International Workshop on Database and Expert Systems Applications
Zugehörige Links:
Kurzbeschreibung (Abstract):

Several aspects of secure operating systems have been analyzed and described as security patterns. However, existing patterns do not cover explicitly the secure interaction of users with the user interface of applications. Especially graphical user interfaces tend to get complex and vulnerable to spoofing and eavesdropping, e.g., due to key loggers or fake dialog windows. A secure user interface system has to provide a trusted path between the user and the application the user intends to use. The trusted path must be able to ensure integrity and confidentiality of the transmitted data, and must allow for the verification of the authenticity of the end points. We present a pattern for secure graphical user interface systems and evaluate its use in different implementations. This pattern shows how to fulfill the security requirements of a trusted path while preserving, in a policy-driven way, the flexibility that graphical user interfaces generally demand.

Freie Schlagworte: Secure Things;Graphical User Interface, Secure GUI, Security Pattern
ID-Nummer: TUD-CS-2009-1848
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 07 Aug 2016 23:04
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen