Title

Seeing the full picture: The case for extending security ceremony analysis

Document Type

Conference Proceeding

Publisher

secau Security Research Centre, Edith Cowan University, Perth, Western Australia

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science / Security Research Centre (secAU)

RAS ID

13084

Comments

This article was originally published as: Bella, G., & Coles-Kemp, L. (2011). Seeing the full picture: The case for extending security ceremony analysis. Paper presented at the 9th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia.

Abstract

The concept of the security ceremony was introduced a few years ago to complement the concept of the security protocol with everything about the context in which a protocol is run. In particular, such context involves the human executors of a protocol. When including human actors, human protocols become the focus, hence the concept of the security ceremony can be seen as part of the domain of socio-technical studies. This paper addresses the problem of ceremony analysis lacking the full view of human protocols. This paper categorises existing security ceremony analysis work and illustrates how the ceremony picture could be extended to support a more comprehensive analysis. The paper explores recent weaknesses found on the Amazon's web interface to illustrate different approaches to the analysis of the full ceremony picture.