发布求助
文献互助 智能选刊 最新文献

Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.190
Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, G. Lenzini
{"title":"Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates","authors":"Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, G. Lenzini","doi":"10.1109/TrustCom.2013.190","DOIUrl":null,"url":null,"abstract":"Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.190","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12

Abstract

Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
分享
查看原文 本刊更多论文
社会技术安全分析研究:使用TLS证书验证身份
使用TLS证书验证web身份是一个典型的问题,其安全性取决于技术和人的两个方面,需要充分掌握社会技术分析。我们进行了这样的分析,并在本文中对我们认为合适的工具和方法进行了评论。我们首先分析了用户和市场上最常用的浏览器之间的交互仪式。然后我们观察用户对这些交互的理解。我们的工具和方法取决于用户模型是否具有不确定性或现实行为。我们在第一个案例中成功地应用了形式化方法。第二,我们必须定义一个符合实验认知科学研究方法的安全框架。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信