This document is the Accepted Manuscript of a conference paper published in Proceedings of the Cambridge International Workshop on Security Protocols 2017. Under embargo until 29 November 2018. The final publication is available at Springer via: https://doi.org/10.1007/978-3-319-71075-4_7Systems complicated enough to have ongoing security issues are difficult to understand, and hard to model. The models are hard to understand, even when they are right (another reason they are usually wrong), and too complicated to use to make decisions. Instead attackers, developers, and users make security decisions based on their {\em perceptions} of the system, and not on properties that the system actually has. These perceptions differ between communiti...
Over the last twenty years, technical controls for information security have advanced and matured co...
Mental models, informal representations of reality, provide an appealing explanation for the apparen...
A method for evaluating security models is developed and applied to the model of Bell and LaPadula. ...
peer reviewedThe set of impressions that a user has about distinct aspects of a system depends on th...
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attac...
Stakeholders' security decisions play a fundamental role in determining security requirements, yet, ...
In traditional interactions that do not rely on technology, most people are able to assess risks to ...
The perception of risk is a driver for security analysts' decision making. However, security analyst...
Computer security has traditionally been assessed from a technical point of view. Another way to ass...
Information systems are pervasive in our everyday life. Anyone who is online must deal with the cons...
This position paper describes work on trust assumptions in the con-text of security requirements. We...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
University of Minnesota M.S. thesis. 2019. Major: Computer Science. Advisor: Peter peterson. 1 compu...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
Traditionally, security is only considered as strong as its weakest link, and people were considered...
Over the last twenty years, technical controls for information security have advanced and matured co...
Mental models, informal representations of reality, provide an appealing explanation for the apparen...
A method for evaluating security models is developed and applied to the model of Bell and LaPadula. ...
peer reviewedThe set of impressions that a user has about distinct aspects of a system depends on th...
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attac...
Stakeholders' security decisions play a fundamental role in determining security requirements, yet, ...
In traditional interactions that do not rely on technology, most people are able to assess risks to ...
The perception of risk is a driver for security analysts' decision making. However, security analyst...
Computer security has traditionally been assessed from a technical point of view. Another way to ass...
Information systems are pervasive in our everyday life. Anyone who is online must deal with the cons...
This position paper describes work on trust assumptions in the con-text of security requirements. We...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
University of Minnesota M.S. thesis. 2019. Major: Computer Science. Advisor: Peter peterson. 1 compu...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
Traditionally, security is only considered as strong as its weakest link, and people were considered...
Over the last twenty years, technical controls for information security have advanced and matured co...
Mental models, informal representations of reality, provide an appealing explanation for the apparen...
A method for evaluating security models is developed and applied to the model of Bell and LaPadula. ...