Probabilistic Modelling of Humans in Security Ceremonies
详细信息    查看全文
  • 刊名:Lecture Notes in Computer Science
  • 出版年:2015
  • 出版时间:2015
  • 年:2015
  • 卷:8872
  • 期:1
  • 页码:277-292
  • 全文大小:266 KB
  • 参考文献:1. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Hankin, C., Schmidt, D. (eds.) POPL, pp. 104-15. ACM (2001)
    2. Abadi, M, Gordon, AD (1999) A calculus for cryptographic protocols: the spi calculus. Inf. Comput. 148: pp. 1-70 CrossRef
    3. Bella, G, Coles-Kemp, L Layered analysis of security ceremonies. In: Gritzalis, D, Furnell, S, Theoharidou, M eds. (2012) Information Security and Privacy Research. Springer, Heidelberg, pp. 273-286 CrossRef
    4. Bevan, N (2001) International standards for HCI and usability. Int. J. Hum. Comput. Stud. 55: pp. 533-552 CrossRef
    5. Billingsley, P (1961) Statistical Inference for Markov Processes. The University of Chicago Press, Chicago
    6. Blanchet, B.: Automatic proof of strong secrecy for security protocols. In: IEEE Symposium on Security and Privacy, pp. 86-02. IEEE Computer Society (2004)
    7. Blanchet, B (2008) A computationally sound mechanized prover for security protocols. IEEE Trans. Dependable Sec. Comput. 5: pp. 193-207 CrossRef
    8. Carlos, M.C., Martina, J.E., Price, G., Custódio, R.F.: An updated threat model for security ceremonies. In: Shin, S.Y., Maldonado, J.C. (eds.) 28th Annual ACM Symposium on Applied Computing (SAC 2013), pp. 1836-843. ACM (2013)
    9. Dolev, D, Yao, AC (1983) On the security of public key protocols. IEEE Trans. Inf. Theory 29: pp. 198-207 CrossRef
    10. Ellison, C.: Ceremony design and analysis. Cryptology ePrint Archive, Report 2007/399 (2007)
    11. Ferreira, A., Giustolisi, R., Huynen, J.L., Koenig, V., Lenzini, G.: Studies in socio-technical security analysis: authentication of identities with TLS certificates. In: TrustCom/ISPA/IUCC, pp. 1553-558. IEEE (2013)
    12. Glabbeek, RJ, Smolka, SA, Steffen, B (1995) Reactive, generative and stratified models of probabilistic processes. Inf. Comput. 121: pp. 59-80 CrossRef
    13. Goldsmith, M, Lowe, G, Roscoe, B, Ryan, P, Schneider, S (2000) Modelling and Analysis of Security Protocols. Pearson Education, Harlow
    14. Groote, J.F., Mathijssen, A., Reniers, M.A., Usenko, Y.S., van Weerdenburg, M.: The formal specification language mCRL2. In: Methods for Modelling Software Systems (MMOSS 2006). Dagstuhl Seminar Proceedings, vol. 06351 (2007)
    15. Harel, D, Tiuryn, J, Kozen, D (2000) Dynamic Logic. MIT Press, Cambridge
    16. Higuera, C, Oncina, J Learning stochastic finite automata. In: Paliouras, G, Sakakibara, Y eds. (2004) Grammatical Inference: Algorithms and Applications. Springer, Heidelberg, pp. 175-186 CrossRef
    17. Jonsson, B, Larsen, KG, Yi, W Probabilistic extensions of process algebras. In: Bergstra, J, Ponse, A, Smolka, S eds. (2001) Handbook of Process Algebras. Elsevier, Amsterdam, pp. 685-711 CrossRef
    18. Kwiatkowska, M., Norman, G., Parker, D.: Advances and challenges of probabilistic model checking. In: Proceedings of the 48th Annual Allerton Conference on Communication, Control and Computing, pp. 1691-698. IEEE Press (2010)
    19. Larsen, KG, Skou, A (1991) Bisimulation through probabilistic testing. Inf. Comput. 94: pp. 1-28 CrossRef
    20. Latour, B (2005) Reassembling the Social - An Introduction to Actor-Network-Theory. Oxford University Press, Oxford
    21. Lowe, G (1996) Breaking and fixing the needham-schroeder public-key protocol using FDR. Softw. Concepts Tools 17: pp. 93-102
    22. Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using Murphi. In: IEEE Symposium on Security and Privacy, pp. 141-51. IEEE Computer Society (1997)
    23. Newell, A (1990) Unified Theories of Cognition. Harvard University Press, Cambridge
    24. Norman, G, Parker, D, Sproston, J (2013) Model checking for probabilistic timed automata. Formal Meth. Syst. Des. 43: pp. 164-190
  • 作者单位:Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance
  • 丛书名:978-3-319-17015-2
  • 刊物类别:Computer Science
  • 刊物主题:Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • 出版者:Springer Berlin / Heidelberg
  • ISSN:1611-3349
文摘
We are interested in formal modelling and verification of security ceremonies. Considerable efforts have been put into verifying security protocols, with quite successful tools currently being widely used. The relatively recent concept of security ceremonies, introduced by Carl Ellison, increases the complexity of protocol analysis in several directions: a ceremony should include all relevant out-of-bad assumptions, should compose protocols, and should include the human agent. Work on modelling human agents as part of IT systems is quite limited, and the few existing studies come from psychology or sociology. A step towards understanding how to model and analyse security ceremonies is to integrate a model of human agents with models for protocols (or combination of protocols). Current works essentially model human agent interaction with a user interface as a nondeterministic process. In this paper we propose a more realistic model which includes more information about the user interaction, obtained by sociologists usually through experiments and observation, and model the actions of a human agent as a probabilistic process. An important point that we make in this paper is to separate the model of the human and the model of the user interface, and to provide a “compilation-operation putting the two together and encoding the interaction between the human and the interface. We base our work on a recently proposed model for security ceremonies, which we call the Bella-Coles-Kemp model.
NGLC 2004-2010.National Geological Library of China All Rights Reserved.
Add:29 Xueyuan Rd,Haidian District,Beijing,PRC. Mail Add: 8324 mailbox 100083
For exchange or info please contact us via email.