A pattern for secure graphical user interface systems

T Fischer, AR Sadeghi… - 2009 20th International …, 2009 - ieeexplore.ieee.org
2009 20th International Workshop on Database and Expert Systems …, 2009ieeexplore.ieee.org
Several aspects of secure operating systems have been analyzed and described as security
patterns. However, existing patterns do not cover explicitly the secure interaction of users
with the user interface of applications. Especially graphical user interfaces tend to get
complex and vulnerable to spoofing and eavesdropping, eg, due to key loggers or fake
dialog windows. A secure user interface system has to provide a trusted path between the
user and the application the user intends to use. The trusted path must be able to ensure …
Several aspects of secure operating systems have been analyzed and described as security patterns. However, existing patterns do not cover explicitly the secure interaction of users with the user interface of applications. Especially graphical user interfaces tend to get complex and vulnerable to spoofing and eavesdropping, e.g., due to key loggers or fake dialog windows. A secure user interface system has to provide a trusted path between the user and the application the user intends to use. The trusted path must be able to ensure integrity and confidentiality of the transmitted data, and must allow for the verification of the authenticity of the end points. We present a pattern for secure graphical user interface systems and evaluate its use in different implementations. This pattern shows how to fulfill the security requirements of a trusted path while preserving, in a policy-driven way, the flexibility that graphical user interfaces generally demand.
ieeexplore.ieee.org
Showing the best result for this search. See all results