Socio-technical formal analysis of TLS certificate validation in modern browsers

Bella, Giampaolo; Giustolisi, Rosario; Lenzini, Gabriele

doi:10.1109/pst.2013.6596067

Cited by 9 publications

(10 citation statements)

References 19 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The technical security analysis is applied to elements from UI A till p A and possibly p B till UI B , including the context(s). P A is modelled as a non-deterministic process i.e., interacting with process UI A in every possible way [23,24,9]. The technical analysis, can use formal tools of protocol analysis (e.g., model checking [25]), with the only difference that communications are now multi-layered.…”

Section: Methodologies For Socio-technical Security Analysismentioning

confidence: 99%

A Conceptual Framework to Study Socio-Technical Security

Ferreira

Huynen

Koenig

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

Section: Methodologies For Socio-technical Security Analysismentioning

confidence: 99%

A Conceptual Framework to Study Socio-Technical Security

Ferreira

Huynen

Koenig

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…It is the multi-layer approach what makes the analysis socio-technical. The analysis is targeted at complex socio-technical properties centred on the human [17], rather than merely technical ones such as key confidentiality in the traditional sense of security protocol analysis [10]. The findings at the various layers are combined to provide assurances or pinpoint weaknesses to the actual human users of the services.…”

Section: Approachmentioning

confidence: 99%

“…Our ceremony concertina traversal methodology, which has already produced valuable findings [17,35], shall be used to fully address these challenges.…”

Section: Challenge Domainsmentioning

confidence: 99%

“…It enables the researcher to take the guarantees of security and privacy that the technology establishes and to transmit them reliably and effectively to its users. For example, Bella et al have recently adopted it to analyse the TLS certificate validation ceremony [17], Huynen et al to identify critical decision points in the ceremonies that users follow to access WiFi networks via Hotspots [35], and Ferreira et al to outline a research framework [34].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Service security and privacy as a socio-technical problem

Bella

Curzon

Lenzini

2015

JCS

Self Cite

View full text Add to dashboard Cite

Abstract. The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another.The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users.

show abstract

“…We model ceremonies with UML sequence diagrams, a formalism that was successfully applied in socio-technical security analysis of TLS certificates [10]; it visually expresses all the sequential interactions (both Human-Computer and Computer-Computer) run by the players in the ceremony. This modelling is crucial for it defines the sets of interactions that can be analysed individually, in group, or at different levels of inter-dependency.…”

Section: Modelingmentioning

confidence: 99%