Threat Modelling Service Security as a Security Ceremony

Security ceremonies are extensions for security protocols. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify claims embedded in ceremonies. Unfortunately, there are some pieces missing for that, such as, a base description language and a tailored threat model...

Full description

Saved in:
Bibliographic Details
Published in2016 11th International Conference on Availability, Reliability and Security (ARES) pp. 195 - 204
Main Authors Martimiano, Taciane, Martina, Jean Everson
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.08.2016
Subjects
Adaptation models
Cryptography
Formal Analysis
Peer-to-peer computing
Proposals
Protocols
Security Ceremonies
Service Security
Social-Technical Security
Threat Models
Online AccessGet full text

Cover

More Information
Summary:Security ceremonies are extensions for security protocols. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify claims embedded in ceremonies. Unfortunately, there are some pieces missing for that, such as, a base description language and a tailored threat model for security ceremonies. Our contributions in this paper are: a proposal for message description syntax, an augmented threat model to encompass the subtleties of security ceremonies and a strategy for symbolic evaluation using First Order Logic (FOL) and an automatic theorem prover. Furthermore, we propose a new threat model named Distributed Attacker (DA), which uses the adaptive threat model proposed by Carlos et al. and the Security Ceremony Concertina Traversal layers proposed by Bella et al. As a result, we present scenarios which can be formally analysed with our proposal.
DOI:10.1109/ARES.2016.59