You are here

Threat Modelling Service Security and Privacy as a Security Ceremony

15 July 2015
San Francesco - Via della Quarquonia 1 (Classroom 1 )
Security Ceremonies are extensions for security protocols where we include all out-of-bounds pieces. Regular extensions for security ceremonies are the inclusion of human peers, key provisioning and their relation with the environment. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify the claims embedded in such ceremonies. Unfortunately, there are some pieces missing for that, such as, a base description language and a tailored threat model for security ceremonies. Our contributions are: a standard syntax for messages description and an augmented threat model to encompass the subtleties of security ceremonies. Furthermore, we propose a new threat model, named Distributed Attacker (DA in brief), which is based on the ever changing threat model proposed by Carlos et al. and the Ceremony Concertina proposed by Bella et al.
Martina, Jean - Universidade Federal de Santa Catarina - Florianópolis