Biometric authentication systems verify the identity of users by relying on their distinctive traits, such as fingerprint, face, iris, signature, or voice. Biometrics is commonly perceived as a strong authentication method; in practice, several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when biometrics is adopted to secure access to applications controlling critical systems and infrastructures. In this paper we perform a quantitative security evaluation of the CASHMA multi-biometric authentication system, assessing the security provided by different system configurations against attackers with different capabilities. The analysis is performed using ADVISE, a modeling formalism for security evaluation that extends attack graphs; it combines information on the system, the attacker, and the metrics of interest to produce quantitative results. The results provide useful insight into the security offered by the different system configurations, and demonstrate the feasibility of using the approach to model security threats and countermeasures in real scenarios.