Seeing the full picture: The case for extending security ceremony analysis
Document Type
Conference Proceeding
Publisher
secau Security Research Centre, Edith Cowan University, Perth, Western Australia
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Security Science / Security Research Centre (secAU)
RAS ID
13084
Abstract
The concept of the security ceremony was introduced a few years ago to complement the concept of the security protocol with everything about the context in which a protocol is run. In particular, such context involves the human executors of a protocol. When including human actors, human protocols become the focus, hence the concept of the security ceremony can be seen as part of the domain of socio-technical studies. This paper addresses the problem of ceremony analysis lacking the full view of human protocols. This paper categorises existing security ceremony analysis work and illustrates how the ceremony picture could be extended to support a more comprehensive analysis. The paper explores recent weaknesses found in Amazon's web interface to illustrate different approaches to the analysis of the full ceremony picture.
DOI
10.4225/75/57b55170cd8d1
Access Rights
free_to_read
Comments
Bella, G., & Coles-Kemp, L. (2011). Seeing the full picture: The case for extending security ceremony analysis. Paper presented at the 9th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia.