Security

Here's Johnny: A Methodology for Developing Attacker Personas

Free registration required

Executive Summary

The adversarial element is an intrinsic part of the design of secure systems, but the assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying user-centered design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. The authors describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.

  • Format: PDF
  • Size: 482.9 KB