Fwd: [briar-devel] Foo security

b. brewer bbrewer at littledystopia.net
Wed Aug 15 16:00:53 PDT 2012

-------- Original Message --------
Subject: [briar-devel] Foo security
Date: Wed, 15 Aug 2012 18:37:50 +0100
From: Michael Rogers <michael at briarproject.org>
To: briar-devel at lists.sourceforge.net

Hash: SHA1

Hi all,

Recently I've been thinking about an idea I'll call foo security,
since I haven't thought of a better name. It's possible that someone
else has already thought of this idea, but if so, I don't know what
they called it.

Foo security is an attempt to rethink information security from a
usability perspective. It's defined as follows:

   A system is foo secure with respect to a user if the system's
   security properties match or exceed the user's beliefs about those

A few strange things are apparent from this definition. First, foo
security is defined with respect to a user, so a system may be foo
secure for one user and foo insecure for another. Second, foo security
is defined with respect to a user's beliefs, so a system may become
foo secure or foo insecure due to a change in the user's beliefs, with
no change to the system. Third, a system that provides a security
property may be less foo secure than a system that doesn't, if the
user understands the latter system better than the former.

That last point is what led me to think about foo security. I wanted
to capture that fact that users change their behaviour based on their
beliefs about the systems they're using. If a user wrongly believes a
system to provide a stronger security property than it actually does,
she may be better off using a system that she knows does not provide
that property.

An example: BarChat is an unencrypted chat application. BazChat is an
encrypted chat application. BazChat's encryption can be defeated by
the chat server.

Alice believes that the conversations she has over BarChat can be read
by third parties. This belief is true, so BarChat is foo secure with
respect to Alice. Alice believes that the conversations she has over
BazChat cannot be read by any third party. This belief exceeds
reality, so BazChat is not foo secure with respect to Alice.

Later, Alice learns that the conversations she has over BazChat can be
read by a third party who controls the server. This belief is true, so
BazChat is now foo secure with respect to Alice, even though the
system itself hasn't changed.

I like this perspective because it suggests that we can improve the
security of systems we can't change, by improving the users'
understanding of the systems. In the case of systems we can change, we
might get a bigger improvement in foo security by changing the way
security properties are explained than by changing the properties
themseves. For example, we might improve a system's foo security by
using UI metaphors that suggest the actual security properties.

Version: GnuPG v1.4.10 (GNU/Linux)


Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
briar-devel mailing list
briar-devel at lists.sourceforge.net

More information about the cypherpunks-legacy mailing list