IJEM Vol. 7, No. 1, 8 Jan. 2017
Full Text (PDF, 384KB), PP.1-9
Coloured Petri net, Information leakage, Information theory, Interactive system, Non-interference
In contemporary interactive software system design, maintaining equilibrium between usability and security is a challenging task, because strictly enforced security policies directly affect the usability of the software. As a solution to this problem, the present work proposes an information-theoretic measure of information leakage in interactive system design. The paper first models the software system as a coloured Petri net and then, using information theory and Petri net algebra, defines leakage in the interacting system. Based on this definition, the paper quantifies information leakage and tries to establish a relation between information leakage and interactive system design principles. The paper also hints at how to reach consensus on the equilibrium of security and usability.
Kushal Anjaria, Arun Mishra, "Relating Interactive System Design and Information Theory from Information Leakage Perspective", International Journal of Engineering and Manufacturing (IJEM), Vol.7, No.1, pp.1-9, 2017. DOI: 10.5815/ijem.2017.01.01