{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,11]],"date-time":"2025-06-11T17:03:30Z","timestamp":1749661410134,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031147845"},{"type":"electronic","value":"9783031147852"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-14785-2_5","type":"book-chapter","created":{"date-parts":[[2022,8,22]],"date-time":"2022-08-22T15:09:08Z","timestamp":1661180948000},"page":"70-89","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Models-Based Analysis of\u00a0Both\u00a0User and\u00a0Attacker Tasks: Application to\u00a0EEVEHAC"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2299-8030","authenticated-orcid":false,"given":"Sara","family":"Nikula","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7907-3170","authenticated-orcid":false,"given":"C\u00e9lia","family":"Martinie","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5381-971X","authenticated-orcid":false,"given":"Philippe","family":"Palanque","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7558-9687","authenticated-orcid":false,"given":"Julius","family":"Hekkala","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8083-8986","authenticated-orcid":false,"given":"Outi-Marja","family":"Latvala","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1169-5920","authenticated-orcid":false,"given":"Kimmo","family":"Halunen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,8,16]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","first-page":"109905","DOI":"10.1109\/ACCESS.2020.3001996","volume":"8","author":"FA Al-Zahrani","year":"2020","unstructured":"Al-Zahrani, F.A.: Evaluating the usable-security of healthcare software through unified technique of fuzzy logic, ANP and TOPSIS. IEEE Access 8, 109905\u2013109916 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.3001996","journal-title":"IEEE Access"},{"key":"5_CR2","doi-asserted-by":"publisher","unstructured":"Atzeni, A., Cameroni, C., Faily, S., Lyle, J., Flechais, I.: Here\u2019s Johnny: a methodology for developing attacker personas. In: 2011 Sixth International Conference on Availability, Reliability and Security, pp. 722\u2013727 (2011). https:\/\/doi.org\/10.1109\/ARES.2011.115","DOI":"10.1109\/ARES.2011.115"},{"key":"5_CR3","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1016\/j.cose.2015.03.001","volume":"51","author":"L ben Othmane","year":"2015","unstructured":"ben Othmane, L., Ranchal, R., Fernando, R., Bhargava, B., Bodden, E.: Incorporating attacker capabilities in risk estimation and mitigation. Comput. Secur. 51, 41\u201361 (2015). https:\/\/doi.org\/10.1016\/j.cose.2015.03.001","journal-title":"Comput. Secur."},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-030-64266-2_2","volume-title":"Human-Centered Software Engineering","author":"R Bernhaupt","year":"2020","unstructured":"Bernhaupt, R., Martinie, C., Palanque, P., Wallner, G.: A generic visualization approach supporting task-based evaluation of usability and user experience. In: Bernhaupt, R., Ardito, C., Sauer, S. (eds.) HCSE 2020. LNCS, vol. 12481, pp. 24\u201344. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64266-2_2"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Chen, S., Dupont, P.A., Pointcheval, D.: Human computing for handling strong corruptions in authenticated key exchange. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 159\u2013175. IEEE (2017)","DOI":"10.1109\/CSF.2017.31"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-540-74800-7_9","volume-title":"Human-Computer Interaction \u2013 INTERACT 2007","author":"C Braz","year":"2007","unstructured":"Braz, C., Seffah, A., M\u2019Raihi, D.: Designing a trade-off between usability and security: a metrics based-model. In: Baranauskas, C., Palanque, P., Abascal, J., Barbosa, S.D.J. (eds.) INTERACT 2007. LNCS, vol. 4663, pp. 114\u2013126. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74800-7_9"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-030-64266-2_4","volume-title":"Human-Centered Software Engineering","author":"N Broders","year":"2020","unstructured":"Broders, N., Martinie, C., Palanque, P., Winckler, M., Halunen, K.: A generic multimodels-based approach for the analysis of usability and security of authentication mechanisms. In: Bernhaupt, R., Ardito, C., Sauer, S. (eds.) HCSE 2020. LNCS, vol. 12481, pp. 61\u201383. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64266-2_4"},{"key":"5_CR8","doi-asserted-by":"publisher","unstructured":"Brostoff, S., Sasse, M.A.: Are Passfaces more usable than passwords? A field trial investigation. In: McDonald, S., Waern, Y., Cockton, G. (eds) People and Computers XIV \u2013 Usability or Else!. Springer, London (2000). https:\/\/doi.org\/10.1007\/978-1-4471-0515-2_27","DOI":"10.1007\/978-1-4471-0515-2_27"},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Carbone, R., Compagna, L., Panichella, A., Ponta, S.E.: Security threat identification and testing. In: 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST), pp. 1\u20138 (2015). https:\/\/doi.org\/10.1109\/ICST.2015.7102630","DOI":"10.1109\/ICST.2015.7102630"},{"key":"5_CR10","unstructured":"Card, S.K., Moran, T.P., Newell, A.: The model human processor: an engineering model of human performance. In: Handbook of Perception and Human Performance, pp. 1\u201335 (1986)"},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael, vol. 2. Springer, Heidelberger (2002). https:\/\/doi.org\/10.1007\/978-3-662-60769-5","DOI":"10.1007\/978-3-662-60769-5"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"De Angeli, A., Coventry, L., Johnson, G., Coutts, M.: Usability and user authentication: pictorial passwords vs. PIN, pp. 240\u2013245. Taylor and Francis, UK (2003). https:\/\/doi.org\/10.1201\/b12800","DOI":"10.1201\/b12800"},{"key":"5_CR13","doi-asserted-by":"publisher","unstructured":"El Batran, K., Dunlop, M.D.: Enhancing KLM (keystroke-level model) to fit touch screen mobile devices. In: Proceedings of the 16th International Conference on Human-Computer Interaction with Mobile Devices and Services, p. 283\u2013286. MobileHCI 2014, Association for Computing Machinery, NY (2014). https:\/\/doi.org\/10.1145\/2628363.2628385","DOI":"10.1145\/2628363.2628385"},{"key":"5_CR14","doi-asserted-by":"publisher","unstructured":"Encina, C.O., Fernandez, E.B., Monge, A.R.: Threat analysis and misuse patterns of federated inter-cloud systems. In: Proceedings of the 19th European Conference on Pattern Languages of Programs. EuroPLoP 2014, Association for Computing Machinery, NY (2014). https:\/\/doi.org\/10.1145\/2721956.2721986","DOI":"10.1145\/2721956.2721986"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/978-3-319-10879-7_15","volume-title":"Security and Cryptography for Networks","author":"AG Forte","year":"2014","unstructured":"Forte, A.G., Garay, J.A., Jim, T., Vahlis, Y.: EyeDecrypt \u2014 private interactions in plain sight. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 255\u2013276. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10879-7_15"},{"key":"5_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100340","volume":"39","author":"K Halunen","year":"2021","unstructured":"Halunen, K., Latvala, O.M.: Review of the use of human senses and capabilities in cryptography. Comput. Sci. Rev. 39, 100340 (2021)","journal-title":"Comput. Sci. Rev."},{"key":"5_CR17","doi-asserted-by":"publisher","unstructured":"Hekkala, J., Nikula, S., Latvala, O., Halunen, K.: Involving humans in the cryptographic loop: introduction and threat analysis of EEVEHAC. In: Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT, pp. 659\u2013664. INSTICC, SciTePress (2021). https:\/\/doi.org\/10.5220\/0010517806590664","DOI":"10.5220\/0010517806590664"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-642-23768-3_18","volume-title":"Human-Computer Interaction \u2013 INTERACT 2011","author":"P Holleis","year":"2011","unstructured":"Holleis, P., Scherr, M., Broll, G.: A revised mobile KLM for interaction with multiple NFC-tags. In: Campos, P., Graham, N., Jorge, J., Nunes, N., Palanque, P., Winckler, M. (eds.) INTERACT 2011. LNCS, vol. 6949, pp. 204\u2013221. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23768-3_18"},{"key":"5_CR19","unstructured":"ISO: ISO 9241\u201311:2018 ergonomics of human-system interaction part 11: Usability: Definitions and concepts. International Organization for Standardization"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication (1997)","DOI":"10.17487\/rfc2104"},{"key":"5_CR21","doi-asserted-by":"publisher","unstructured":"Martinie, C., Grigoriadis, C., Kalogeraki, E.M., Kotzanikolaou, P.: Modelling human tasks to enhance threat identification in critical maritime systems, pp. 375\u2013380. PCI 2021, Association for Computing Machinery, NY (2021). https:\/\/doi.org\/10.1145\/3503823.3503892","DOI":"10.1145\/3503823.3503892"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Martinie, C., Palanque, P., Bouzekri, E., Cockburn, A., Canny, A., Barboni, E.: Analysing and demonstrating tool-supported customizable task notations. Proc. ACM Hum.-Comput. Interact. 3(EICS), 1\u201326 (2019)","DOI":"10.1145\/3331154"},{"key":"5_CR23","doi-asserted-by":"publisher","unstructured":"Martinie, C., Navarre, D., Palanque, P., Fayollas, C.: A generic tool-supported framework for coupling task models and interactive applications. In: Proceedings of the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems, pp. 244\u2013253. EICS 2015, Association for Computing Machinery, NY (2015). https:\/\/doi.org\/10.1145\/2774225.2774845","DOI":"10.1145\/2774225.2774845"},{"key":"5_CR24","doi-asserted-by":"publisher","unstructured":"Moeckel, C.: From user-centred design to security: building attacker personas for digital banking. In: Proceedings of the 10th Nordic Conference on Human-Computer Interaction, pp. 892\u2013897. NordiCHI 2018, Association for Computing Machinery, NY (2018). https:\/\/doi.org\/10.1145\/3240167.3240241","DOI":"10.1145\/3240167.3240241"},{"issue":"5","key":"5_CR25","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1080\/0144929X.2016.1262897","volume":"36","author":"MA Mohamed","year":"2017","unstructured":"Mohamed, M.A., Chakraborty, J., Dehlinger, J.: Trading off usability and security in user interface design through mental models. Behav. Inf. Technol. 36(5), 493\u2013516 (2017). https:\/\/doi.org\/10.1080\/0144929X.2016.1262897","journal-title":"Behav. Inf. Technol."},{"key":"5_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0053419","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Naor","year":"1995","unstructured":"Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1\u201312. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053419"},{"key":"5_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/978-3-030-54549-9_21","volume-title":"Computer Safety, Reliability, and Security","author":"H Nishihara","year":"2020","unstructured":"Nishihara, H., Kawanishi, Y., Souma, D., Yoshida, H.: On validating attack trees with attack effects. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds.) SAFECOMP 2020. LNCS, vol. 12234, pp. 309\u2013324. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-54549-9_21"},{"key":"5_CR28","unstructured":"Sasse, M.: Computer security: anatomy of a usability disaster, and a plan for recovery (2003)"},{"issue":"12","key":"5_CR29","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Somayaji, A., Mould, D., Brown, C.: Towards narrative authentication: or, against boring authentication. In: Proceedings of the 2013 New Security Paradigms Workshop, pp. 57\u201364 (2013)","DOI":"10.1145\/2535813.2535820"}],"container-title":["Lecture Notes in Computer Science","Human-Centered Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-14785-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,2]],"date-time":"2022-12-02T15:13:28Z","timestamp":1669994008000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-14785-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031147845","9783031147852"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-14785-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"16 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HCSE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human-Centred Software Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Eindhoven","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"hcse2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/hcse-conference.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Additionally, 2 demo\/poster papers underwent single-blind review and were accepted.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}