A Socio-technical Understanding of TLS Certificate Validation

Abstract : To authenticate a web server, modern browsers check whether a TLS certificate is valid. This check is socio-technical because, when the technical validation fails, it may request the user to decide, intertwining the usual technical issues with social elements, such as trust and cultural values. Hence the need for a methodology aimed at a socio-technical understanding of TLS certificate validation. This aim is demanding not only due to user participation but also because browsers behave differently. An innovative methodology is outlined and demonstrated on the four market-leader browsers, Chrome, Internet Explorer, Firefox and Opera Mini. It involves modelling in UML the multi-layered interactions among servers, browsers, and users and then translating them into a formal language amenable to model checking socio-technical security properties.
Type de document :
Communication dans un congrès
Carmen Fernández-Gago; Fabio Martinelli; Siani Pearson; Isaac Agudo. 7th Trust Management (TM), Jun 2013, Malaga, Spain. Springer, IFIP Advances in Information and Communication Technology, AICT-401, pp.281-288, 2013, Trust Management VII. 〈10.1007/978-3-642-38323-6_23〉
Liste complète des métadonnées

Littérature citée [7 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01468204
Contributeur : Hal Ifip <>
Soumis le : mercredi 15 février 2017 - 11:38:55
Dernière modification le : mercredi 15 février 2017 - 11:41:00
Document(s) archivé(s) le : mardi 16 mai 2017 - 13:08:06

Fichier

978-3-642-38323-6_23_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini. A Socio-technical Understanding of TLS Certificate Validation. Carmen Fernández-Gago; Fabio Martinelli; Siani Pearson; Isaac Agudo. 7th Trust Management (TM), Jun 2013, Malaga, Spain. Springer, IFIP Advances in Information and Communication Technology, AICT-401, pp.281-288, 2013, Trust Management VII. 〈10.1007/978-3-642-38323-6_23〉. 〈hal-01468204〉

Partager

Métriques

Consultations de la notice

69

Téléchargements de fichiers

47