2013 Eleventh Annual Conference on Privacy, Security and Trust 2013
DOI: 10.1109/pst.2013.6596067

Socio-technical formal analysis of TLS certificate validation in modern browsers

Abstract: Authenticating a web server is crucial to the security of web browsing. It relies on TLS certificate validation, a property whose enforcement may require getting the user involved. Thus, certificate validation is a socio-technical property: it relies on traditional security technology as well as on social elements such as cultural values, trust and human-computer interaction. Hence the need for an appropriate methodology to study certificate validation from a socio-technical perspective. Certificate v…

Citations: cited by 9 publications (10 citation statements)
References: 19 publications
“…The technical security analysis is applied to elements from UI_A till p_A and possibly p_B till UI_B, including the context(s). P_A is modelled as a non-deterministic process, i.e., interacting with process UI_A in every possible way [23,24,9]. The technical analysis can use formal tools of protocol analysis (e.g., model checking [25]), with the only difference that communications are now multi-layered.…”
Section: Methodologies For Socio-technical Security Analysis (mentioning)
confidence: 99%
“…It is the multi-layer approach that makes the analysis socio-technical. The analysis is targeted at complex socio-technical properties centred on the human [17], rather than merely technical ones such as key confidentiality in the traditional sense of security protocol analysis [10]. The findings at the various layers are combined to provide assurances or pinpoint weaknesses to the actual human users of the services.…”
Section: Approach (mentioning)
confidence: 99%
“…Our ceremony concertina traversal methodology, which has already produced valuable findings [17,35], shall be used to fully address these challenges.…”
Section: Challenge Domains (mentioning)
confidence: 99%
“…We model ceremonies with UML sequence diagrams, a formalism that was successfully applied in socio-technical security analysis of TLS certificates [10]; it visually expresses all the sequential interactions (both Human-Computer and Computer-Computer) run by the players in the ceremony. This modelling is crucial for it defines the sets of interactions that can be analysed individually, in group, or at different levels of inter-dependency.…”
Section: Modeling (mentioning)
confidence: 99%