-------- Original Message -------- Subject: [briar-devel] Foo security Date: Wed, 15 Aug 2012 18:37:50 +0100 From: Michael Rogers <michael@briarproject.org> To: briar-devel@lists.sourceforge.net -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Recently I've been thinking about an idea I'll call foo security, since I haven't thought of a better name. It's possible that someone else has already thought of this idea, but if so, I don't know what they called it. Foo security is an attempt to rethink information security from a usability perspective. It's defined as follows: A system is foo secure with respect to a user if the system's security properties match or exceed the user's beliefs about those properties. A few strange things are apparent from this definition. First, foo security is defined with respect to a user, so a system may be foo secure for one user and foo insecure for another. Second, foo security is defined with respect to a user's beliefs, so a system may become foo secure or foo insecure due to a change in the user's beliefs, with no change to the system. Third, a system that provides a security property may be less foo secure than a system that doesn't, if the user understands the latter system better than the former. That last point is what led me to think about foo security. I wanted to capture that fact that users change their behaviour based on their beliefs about the systems they're using. If a user wrongly believes a system to provide a stronger security property than it actually does, she may be better off using a system that she knows does not provide that property. An example: BarChat is an unencrypted chat application. BazChat is an encrypted chat application. BazChat's encryption can be defeated by the chat server. Alice believes that the conversations she has over BarChat can be read by third parties. This belief is true, so BarChat is foo secure with respect to Alice. Alice believes that the conversations she has over BazChat cannot be read by any third party. This belief exceeds reality, so BazChat is not foo secure with respect to Alice. Later, Alice learns that the conversations she has over BazChat can be read by a third party who controls the server. This belief is true, so BazChat is now foo secure with respect to Alice, even though the system itself hasn't changed. I like this perspective because it suggests that we can improve the security of systems we can't change, by improving the users' understanding of the systems. In the case of systems we can change, we might get a bigger improvement in foo security by changing the way security properties are explained than by changing the properties themseves. For example, we might improve a system's foo security by using UI metaphors that suggest the actual security properties. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQK95uAAoJEBEET9GfxSfMzXsH/1StNEzWMvclHqT5ExarEJbn slkxo+ih1I6iiIfLqpW/WnavilG3QI4dNVSLqNMub7zEgUDrD4PxiyNxazmVzztN reLtBzpYlnVbqyS8QPZupebabySDLjKEnrlRj+fNyrmhp83+4m5Qd97vg+Bt85nC neLUoYc+YREsZIJqEpdolrLPnsH+jCKKEVYaB6CAObrLAH4bi721gnBmdrMxRCX/ DBsvANePFppuOXMOpZJ7ilhgoXsNg7BUfN7q9W3PSg3dnkIZ7mvoqmv2GGmTXSGo dyBDLU5NRV26s2xonjFGLQILsaIcu5e44nkt4IleiNO3uhGuPNolWYzWpyXypZE= =WzjW -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ briar-devel mailing list briar-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/briar-devel