  • DocumentCode
    2458366
  • Title
    A Pattern for Secure Graphical User Interface Systems
  • Author
    Fischer, Thomas ; Sadeghi, Ahmad-Reza ; Winandy, Marcel
  • Author_Institution
    Horst Gortz Inst. for IT-Security, Ruhr-Univ. Bochum, Bochum, Germany
  • fYear
    2009
  • fDate
    Aug. 31 2009-Sept. 4 2009
  • Firstpage
    186
  • Lastpage
    190
  • Abstract
    Several aspects of secure operating systems have been analyzed and described as security patterns. However, existing patterns do not cover explicitly the secure interaction of users with the user interface of applications. Especially graphical user interfaces tend to get complex and vulnerable to spoofing and eavesdropping, e.g., due to key loggers or fake dialog windows. A secure user interface system has to provide a trusted path between the user and the application the user intends to use. The trusted path must be able to ensure integrity and confidentiality of the transmitted data, and must allow for the verification of the authenticity of the end points. We present a pattern for secure graphical user interface systems and evaluate its use in different implementations. This pattern shows how to fulfill the security requirements of a trusted path while preserving, in a policy-driven way, the flexibility that graphical user interfaces generally demand.
  • Keywords
    data integrity; graphical user interfaces; operating systems (computers); security of data; data confidentiality; data integrity; secure graphical user interface system; secure operating system; security pattern; Application software; Data security; Databases; Digital signatures; Expert systems; Graphical user interfaces; Keyboards; Operating systems; Pattern analysis; User interfaces; secure GUI; secure windowing system; security pattern;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Database and Expert Systems Application, 2009. DEXA '09. 20th International Workshop on
  • Conference_Location
    Linz
  • ISSN
    1529-4188
  • Print_ISBN
    978-0-7695-3763-4
  • Type
    conf
  • DOI
    10.1109/DEXA.2009.76
  • Filename
    5337178