Automatic socio-technical security analysis
Organization
Cryptography Group
Abstract
Automated security analysis usually does not take into account the behavior of the user (e.g., that he might ignore warnings in browsers). Socio-technical security analysis takes into account both the cryptographic protocol and the user's behavior. However, to come up with a suitable description of the user's behavior is difficult, in particular it requires the expertise of a psychologist, not of a cryptographer. The task of this thesis is to make a prototype for a tool that automatically identifies user behaviors that upon which the protocol becomes insecure (using a model checker), and interactively guides a non-technical user (e.g., the psychologist) through the development of a user model that is complete enough for showing the socio-technical security of the protocol (or that shows that the protocol is vulnerable).
Graduation Theses defence year
2015-2016
Supervisor
Dominique Unruh
Spoken language (s)
English
Requirements for candidates
Background in cryptography or security, programming skills, interest in tools for protocol analysis (model checkers)
Level
Masters
Application of contact
Name
Dominique Unruh
Phone
-
E-mail