Title :
The Ever Changing Threat Model: A Social-Technical Perspective
Author :
Everson Martina, Jean
Author_Institution :
Univ. Fed. de Santa Catarina, Florianopolis, Brazil
Abstract :
Summary form only given. Since Needham and Schroeder introduced the idea of an active attacker, a lot of research has been done on the technical side of information security in order to verify protocols' claims against this type of attacker. Nowadays, the Dolev-Yao threat model is the most widely accepted attacker model for that purpose. Consequently, we tend to consider systems secure when they are secure against an attacker under Dolev-Yao's assumptions. With the introduction of human-centric security ideas, we include human peers in our designs. With this addition we can potentially find and solve security flaws that were previously not detectable. In this talk, we will discuss that even though Dolev-Yao's threat model can represent the most powerful attacker possible, the attacker in this model is not realistic in certain scenarios, especially those related to the human peers. We look over other variations of threat models, including a dynamic threat model that can be adjusted according to each social-technical context. These new perspectives will help us to model and analyse security requirements in human-computer interaction, always with regard to realistic scenarios, without degrading security and while improving usability.
Keywords :
cryptographic protocols; human computer interaction; social aspects of automation; Dolev-Yao threat model; active attacker; dynamic threat model; human peers; human-centric security; human-computer interaction; information security; protocol claim verification; security flaws; security requirement analysis; social-technical perspective; Abstracts; Conferences; Context; Context modeling; Information security; Protocols;
Conference_Title :
Socio-Technical Aspects in Security and Trust (STAST), 2013 Third Workshop on
Conference_Location :
New Orleans, LA
DOI :
10.1109/STAST.2013.16