Abstract
Systems complicated enough to have ongoing security issues are difficult to understand, and hard to model. The models are hard to understand, even when they are right (another reason they are usually wrong), and too complicated to use to make decisions.
Instead, attackers, developers, and users make security decisions based on their *perceptions* of the system, and not on properties that the system actually has. These perceptions differ between communities, causing decisions made by one community to appear irrational to another.
Attempting to predict such irrational behaviour by basing a model of perception on a model of the system is even more complicated than the original modelling problem we can't solve. Ockham's razor says to model the perceptions directly, since these will be simpler than the system itself.
Original language | English |
---|---|
Title of host publication | Security Protocols XXV |
Subtitle of host publication | 25th International Workshop, Cambridge, UK, March 20–22, 2017, Revised Selected Papers |
Editors | F. Stajano, J. Anderson, B. Christianson, V. Matyáš |
Publisher | Springer Nature |
Chapter | 7 |
Pages | 60-68 |
Number of pages | 9 |
Volume | 10476 LNCS |
Edition | 1 |
ISBN (Electronic) | 978-3-319-71075-4 |
ISBN (Print) | 978-3-319-71074-7 |
DOIs | |
Publication status | Published - 29 Nov 2017 |
Event | Security Protocols 25th International Workshop - Cambridge, United Kingdom Duration: 20 Mar 2017 → 22 Mar 2017 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Conference
Conference | Security Protocols 25th International Workshop |
---|---|
Country/Territory | United Kingdom |
City | Cambridge |
Period | 20/03/17 → 22/03/17 |