Simulating Perceptions of Security

Research output: Chapter in Book/Report/Conference proceedingConference contribution

86 Downloads (Pure)

Abstract

Systems complicated enough to have ongoing security issues are difficult to understand, and hard to model. The models are hard to understand, even when they are right (another reason they are usually wrong), and too complicated to use to make decisions.

Instead attackers, developers, and users make security decisions based on their
{\em perceptions} of the system, and not on properties that the system actually has. These perceptions differ between communities, causing decisions made by
one community to appear irrational to another.

Attempting to predict such irrational behaviour by basing a model of perception on a model of the system is even more complicated than the original modelling problem we can't solve. Ockham's razor says to model the perceptions directly, since these will be simpler than the system itself.
Original languageEnglish
Title of host publicationSecurity Protocols XXV
Subtitle of host publication25th International Workshop, Cambridge, UK, March 20–22, 2017, Revised Selected Papers
EditorsF. Stajano, J. Anderson, B. Christianson, V. Matyáš
PublisherSpringer Nature
Chapter7
Pages60-68
Number of pages9
Volume10476 LNCS
Edition1
ISBN (Electronic)978-3-319-71075-4
ISBN (Print)978-3-319-71074-7
DOIs
Publication statusPublished - 29 Nov 2017
EventSecurity Protocols 25th International Workshop - Cambridge, United Kingdom
Duration: 20 Mar 201722 Mar 2017

Publication series

NameLecture Notes in Computer Science

Conference

ConferenceSecurity Protocols 25th International Workshop
Country/TerritoryUnited Kingdom
CityCambridge
Period20/03/1722/03/17

Cite this