Simulating Perceptions of Security

Wernick, Paul; Christianson, Bruce; Spring, Joseph

doi:10.1007/978-3-319-71075-4_7

Paul Wernick¹⁷,
Bruce Christianson¹⁷ &
Joseph Spring¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10476))

Included in the following conference series:

Cambridge International Workshop on Security Protocols

619 Accesses

Abstract

Systems complicated enough to have ongoing security issues are difficult to understand, and hard to model. The models are hard to understand, even when they are right (another reason they are usually wrong), and too complicated to use to make decisions.

Instead attackers, developers, and users make security decisions based on their perceptions of the system, and not on properties that the system actually has. These perceptions differ between communities, causing decisions made by one community to appear irrational to another.

Attempting to predict such irrational behaviour by basing a model of perception on a model of the system is even more complicated than the original modelling problem we can’t solve. Ockham’s razor says to model the perceptions directly, since these will be simpler than the system itself.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+

from €37.37 /Month

Starting from 10 chapters or articles per month
Access and download chapters and articles from more than 300k books and 2,500 journals
Cancel anytime

Buy Now

Chapter: EUR 29.95; Price includes VAT (Netherlands)

eBook: EUR 42.79; Price includes VAT (Netherlands)

Softcover Book: EUR 54.49; Price includes VAT (Netherlands)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

The Development of a Model of the Formation of Cybersecurity Outlines Based on Multi Criteria Optimization and Game Theory

Shaping Our Mental Model of Security

Meta-modelling for Ecosystems Security

Notes

1.
The term ‘system’ as employed here includes a computer’s operating system, as well as any countermeasures such as antivirus and other programs, and mobile and other inter-connected devices. Our argument applies to all of these.
2.
cf. [1].
3.
http://www.comparemymobile.com/, accessed 11 October 2016.
4.
Many commercial organisations test updates received from suppliers before distributing them to their user base, a protection unavailable to the private user.
5.
Manny Lehman, conversation with Paul Wernick, 1997.

References

Christianson, B.: Living in an impossible world: real-izing the consequences of intransitive trust. Philos. Technol. 26(4), 411–429 (2013)
Article Google Scholar
Clark, S., Blaze, M., Smith, J.: Blood in the water: are there honeymoon effects outside software? In: Christianson, B., Malcolm, J. (eds.) Security Protocols 2010. LNCS, vol. 7061, pp. 12–17. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45921-8_4
Google Scholar
Leverett, E., Clayton, R., Anderson, R.: Standardisation and certification of the ‘Internet of Things’. In: Proceedings of WEIS 2017 (2017)
Google Scholar
Murayama, Y., Fujihara, Y., Nishioka, D.: The sense of security and a countermeasure for the false sense. In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 205–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25867-1_20
Chapter Google Scholar
Robinson, D.: Windows 10 backlash: which? demands compo for forced upgrades; The Register (2016). www.theregister.co.uk/2016/09/22/windows_10_backlash_begins_which_calls_for_upgrade_compensation/. Accessed 21 Nov 2016
System Dynamics Society: What is System Dynamics? (2016). http://www.systemdynamics.org/what-is-s/. Accessed 7 Dec 2016
Tepper, F.: Updating to iOS 10 is bricking some iPhones and iPads; TechCrunch (2016). https://techcrunch.com/2016/09/13/updating-to-ios-10-is-bricking-some-iphones-and-ipads/. Accessed 11 Oct 2016
Thomas, D.R., Beresford, A.R., Coudray, T., Sutcliffe, T., Taylor, A.: The lifetime of android api vulnerabilities: case study on the javascript-to-java interface. In: Christianson, B., Švenda, P., Matyáš, V., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2015. LNCS, vol. 9379, pp. 126–138. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26096-9_13
Chapter Google Scholar
Ventana Systems, Inc. (2016). https://vensim.com/. Accessed 7 Dec 2016
Wernick, P., Lehman, M.M.: Software process dynamic modelling for FEAST/1. J. Syst. Softw. 46, 193–201 (1999)
Article Google Scholar

Download references

Author information

Authors and Affiliations

University of Hertfordshire, Hatfield, UK
Paul Wernick, Bruce Christianson & Joseph Spring

Authors

Paul Wernick
View author publications
Search author on:PubMed Google Scholar
Bruce Christianson
View author publications
Search author on:PubMed Google Scholar
Joseph Spring
View author publications
Search author on:PubMed Google Scholar

Corresponding author

Correspondence to Paul Wernick .

Editor information

Editors and Affiliations

University of Cambridge, Cambridge, United Kingdom
Frank Stajano
Memorial University of Newfoundland, St. John’s, Newfoundland and Labrador, Canada
Jonathan Anderson
University of Hertfordshire, Hatfield, United Kingdom
Bruce Christianson
Masaryk University, Brno, Czech Republic
Vashek Matyáš

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wernick, P., Christianson, B., Spring, J. (2017). Simulating Perceptions of Security. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science(), vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_7

Download citation

DOI: https://doi.org/10.1007/978-3-319-71075-4_7
Published: 29 November 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71074-7
Online ISBN: 978-3-319-71075-4
eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Publish with us

Policies and ethics