Threat Modelling Service Security as a Security Ceremony
Published in | 2016 11th International Conference on Availability, Reliability and Security (ARES) pp. 195 - 204 |
---|---|
Main Authors | , |
Format | Conference Proceeding |
Language | English |
Published | IEEE 01.08.2016 |
Summary: | Security ceremonies are extensions for security protocols. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify claims embedded in ceremonies. Unfortunately, there are some pieces missing for that, such as a base description language and a tailored threat model for security ceremonies. Our contributions in this paper are: a proposal for message description syntax, an augmented threat model to encompass the subtleties of security ceremonies and a strategy for symbolic evaluation using First Order Logic (FOL) and an automatic theorem prover. Furthermore, we propose a new threat model named Distributed Attacker (DA), which uses the adaptive threat model proposed by Carlos et al. and the Security Ceremony Concertina Traversal layers proposed by Bella et al. As a result, we present scenarios which can be formally analysed with our proposal. |
---|---|
DOI: | 10.1109/ARES.2016.59 |