Here's Johnny: a methodology for developing attacker personas.

Atzeni, Andrea; Cameroni, Cesare; Faily, Shamal; Lyle, John; Fléchais, Ivan

doi:10.1109/ares.2011.115

Authors

Andrea Atzeni

Cesare Cameroni

Dr Shamal Faily s.faily@rgu.ac.uk
Lecturer

John Lyle

Ivan Fléchais

Abstract

The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.

Citation

ATZENI, A., CAMERONI, C., FAILY, S., LYLE, J. and FLÉCHAIS, I. 2011. Here's Johnny: a methodology for developing attacker personas. In Proceedings of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 722-727. Available from: https://doi.org/10.1109/ARES.2011.115

Conference Name	6th International conference on availability, reliability and security (ARES 2011)
Conference Location	Vienna, Austria
Start Date	Aug 22, 2011
End Date	Aug 26, 2011
Acceptance Date	Aug 22, 2011
Online Publication Date	Oct 17, 2011
Publication Date	Dec 31, 2011
Deposit Date	Sep 19, 2021
Publicly Available Date	Dec 8, 2021
Publisher	IEEE Computer Society
Pages	722-727
ISBN	9781457709791
DOI	https://doi.org/10.1109/ares.2011.115
Keywords	User personas; Systems security; Security risk analysis; Attack tree; Hacking; Penetration testing; Toulmin model; Software engineering
Public URL	https://rgu-repository.worktribe.com/output/1437195