Socio-Technical Security; Ceremony Analysis; Human Computer Interaction
Abstract:
Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at users' understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Disciplines:
Computer science
Author, co-author:
FERREIRA, Ana ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
GIUSTOLISI, Rosario ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
HUYNEN, Jean-Louis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
KOENIG, Vincent ; University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Educational Measurement and Applied Cognitive Science (EMACS)
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Document language:
English
Title:
Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates
Publication/release date:
2013
Event name:
The 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-13)