Simulating Perceptions of Security

@inproceedings{Wernick2017SimulatingPO,
  title={Simulating Perceptions of Security},
  author={Paul Wernick and Bruce Christianson and Joseph Spring},
  booktitle={Security Protocols Workshop},
  year={2017}
}
Systems complicated enough to have ongoing security issues are difficult to understand, and hard to model. The models are hard to understand, even when they are right (another reason they are usually wrong), and too complicated to use to make decisions. 

References

SHOWING 1-10 OF 10 REFERENCES
Blood in the Water
TLDR
It is observed that software systems enjoy a security “honeymoon period” in the early stages of their life-cycles but it takes attackers considerably longer to make their first discoveries of exploitable flaws in software systems.
The Sense of Security and a Countermeasure for the False Sense
TLDR
This paper looks into the emotional aspect of security technology and investigates the factors of users' feelings based on the user surveys and statistical analysis, and proposes an interface causing discomfort -- a warning interface for insecure situations.
Blood in the Water - Are there Honeymoon Effects Outside Software?
TLDR
This position paper examines representative examples in security protocols (Needham-Schroeder), crypto algorithms (hash functions), and security architecture (virtual machines), where an analysis of inter-arrival times of published papers discussing attacks suggests that honeymoons are enjoyed across a wide range of computer security defenses.
Living in an Impossible World: Real-izing the Consequences of Intransitive Trust
TLDR
This paper takes the stance that controlling the transitivity of trust requires to recognise trust as a non-referentially transparent modality, similar to but significantly weaker than the epistemic modalities, and to accept the corollary that imaginary threats can have real consequences that adversely affect online security.
Standardisation and Certification of the ‘Internet of Things’
TLDR
This paper presents a meta-modelling system that automates the very labor-intensive and therefore time-heavy and therefore expensive and expensive process of designing and testing vehicle security systems.
The Lifetime of Android API Vulnerabilities: Case Study on the JavaScript-to-Java Interface
List of distinct manufacturers (manufacturers.csv name, count) List of different operators (operators.csv name) Table of API version distribution for Android over time from Google Play
Software Process Dynamic Modelling for FEAST/1
  • Journal of Systems and Software;
  • 1999
Windows 10 backlash: Which? demands compo for forced upgrades; The Register; www.theregister.co.uk/2016/09/22/ windows_10_backlash_begins_which_calls_for_upgrade_compensation/; accessed
  • 2016
Updating to iOS 10 is bricking some iPhones and iPads; TechCrunch; https://techcrunch.com/2016/09/13/updating-to-ios-10-isbricking-some-iphones-and-ipads/; accessed
  • 2016