Invalid certificates in modern browsers: A socio-technical analysis

Giustolisi, Rosario; Bella, Giampaolo; Lenzini, Gabriele

doi:10.3233/jcs-16891

Cited by 5 publications

(3 citation statements)

References 44 publications

(53 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Giustolisi et al take a UML and model checking approach to analyse TLS certificate validation as carried out by modern browsers. They focus on security properties that also depend on user interaction, but users do not deviate from the possible choices that each browser supports [26]. Martina et al [6] and more recently Martimiano and Martina [27] reinforce the need to shift away from the classical Dolev-Yao attacker model to capture human-centred threats.…”

Section: Related Workmentioning

confidence: 99%

Modelling human threats in security ceremonies1

Bella

Giustolisi

Schürmann

2022

JCS

Self Cite

View full text Add to dashboard Cite

Socio-Technical Systems (STSs) combine the operations of technical systems with the choices and intervention of humans, namely the users of the technical systems. Designing such systems is far from trivial due to the interaction of heterogeneous components, including hardware components and software applications, physical elements such as tickets, user interfaces, such as touchscreens and displays, and notably, humans. While the possible security issues about the technical components are well known yet continuously investigated, the focus of this article is on the various levels of threat that human actors may pose, namely, the focus is on security ceremonies. The approach is to formally model human threats systematically and to formally verify whether they can break the security properties of a few running examples: two currently deployed Deposit-Return Systems (DRSs) and a variant that we designed to strengthen them. The two real-world DRSs are found to support security properties differently, and some relevant properties fail, yet our variant is verified to meet all the properties. Our human threat model is distributed and interacting: it formalises all humans as potential threatening users because they can execute rules that encode specific threats in addition to being honest, that is, to follow the prescribed rules of interaction with the technical system; additionally, humans may exchange information or objects directly, hence practically favour each other although no specific form of collusion is prescribed. We start by introducing four different human threat models, and some security properties are found to succumb against the strongest model, the addition of the four. The question then arises on what meaningful combinations of the four would not break the properties. This leads to the definition of a lattice of human threat models and to a general methodology to traverse it by verifying each node against the properties. The methodology is executed on our running example for the sake of demonstration. Our approach thus is modular and extensible to include additional threats, potentially even borrowed from existing works, and, consequently, to the growth of the corresponding lattice. STSs can easily become very complex, hence we deem modularity and extensibility of the human threat model as key factors. The current computer-assisted tool support is put to test but proves to be sufficient.

show abstract

Section: Related Workmentioning

confidence: 99%

Modelling human threats in security ceremonies1

Bella

Giustolisi

Schürmann

2022

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Bella et al argue that security measures should become invisible or beautiful/dictatorial to stimulate the user to participate more willingly [Bella 2020]. They bring to attention that a security analysis should account for other socio-technical facets of the task that the user is trying to accomplish as well, for example when surfing the Internet [Giustolisi et al 2018]. With all this in mind, we adhered to Bella and Coles-Kemp's approach for specifying and verifying security ceremonies, comprised of five layers, which can be folded or unfolded to focus on specific details one would like to assert [Bella and Coles-Kemp 2012].…”

Section: Introductionmentioning

confidence: 99%

Six Characters in Search of a Security Problem: Pirandellian Masks for Security Ceremonies

Martimiano

Martina

2022

Anais Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2022)

View full text Add to dashboard Cite

For the Italian play-writer and 1934 Nobel-Prize winner Luigi Pirandello, a fictional mask is either self-imposed or, in most cases, forced on by society, being what makes life possible. Drawing from that, we believe that due to the non-deterministic nature of the human being, the only way to specify and verify human-tailored security protocols (known as security ceremonies) is by the specification of masks that users wear in order to interact with ceremonies. In the current paper, we review further this literary inspiration and propose six possible masks: the Attentive, the Naive, the Careless, the Fearful, the Busy, and the Elder. We then discuss an example of how we can reason about security involving human beings, and present what still needs to be done.

show abstract

“…Example technical systems are protocols , such as the HTTP protocol, and notably protocols that also incorporate security measures, namely security protocols , such as the HTTPS security protocol. Correspondingly, example socio-technical systems are ceremonies , such as the HTTP ceremony, and notably ceremonies that also incorporate security measures, namely security ceremonies (Ellison, 2007), such as the HTTPS security ceremony (Giustolisi et al , 2018).…”

Section: Introductionmentioning

confidence: 99%

Out to explore the cybersecurity planet

Bella

2020

JIC

Self Cite

View full text Add to dashboard Cite

PurposeSecurity ceremonies still fail despite decades of efforts by researchers and practitioners. Attacks are often a cunning amalgam of exploits for technical systems and of forms of human behaviour. For example, this is the case with the recent news headline of a large-scale attack against Electrum Bitcoin wallets, which manages to spread a malicious update of the wallet app. The author therefore sets out to look at things through a different lens.Design/methodology/approachThe author makes the (metaphorical) hypothesis that humans arrived on Earth along with security ceremonies from a very far planet, the Cybersecurity planet. The author’s hypothesis continues, in that studying (by huge telescopes) the surface of Cybersecurity in combination with the logical projection on that surface of what happens on Earth is beneficial for us earthlings.FindingsThe author has spotted four cities so far on the remote planet. Democratic City features security ceremonies that allow humans to follow personal paths of practice and, for example, make errors or be driven by emotions. By contrast, security ceremonies in Dictatorial City compel to comply, hence humans here behave like programmed automata. Security ceremonies in Beautiful City are so beautiful that humans just love to follow them precisely. Invisible City has security ceremonies that are not perceivable, hence humans feel like they never encounter any. Incidentally, the words “democratic” and “dictatorial” are used without any political connotation.Originality/valueA key argument the author shall develop is that all cities but Democratic City address the human factor, albeit in different ways. In the light of these findings, the author will also discuss security ceremonies of our planet, such as WhatsApp Web login and flight boarding, and explore room for improving them based upon the current understanding of Cybersecurity.

show abstract

Invalid certificates in modern browsers: A socio-technical analysis

Cited by 5 publications

References 44 publications

Modelling human threats in security ceremonies1

Modelling human threats in security ceremonies1

Six Characters in Search of a Security Problem: Pirandellian Masks for Security Ceremonies

Out to explore the cybersecurity planet

Contact Info

Product

Resources

About