Repository logo
 

Threat models over space and time: A case study of end‐to‐end‐encrypted messaging applications

Published version
Peer-reviewed

Repository DOI


Change log

Abstract

jats:titleAbstract</jats:title>jats:pThreat modeling is one of the foundations of secure systems engineering and must take heed of the context within which systems operate. In this work, we explore the extent to which real‐world systems engineering reflects a changing threat context. We examine the desktop clients of six widely used end‐to‐end‐encrypted mobile messaging applications to understand the extent to which they adjusted their threat model over space (when enabling clients on new platforms, such as desktop clients) and time (as new threats emerged). We experimented with short‐lived adversarial access against these desktop clients and analyzed the results using two popular threat elicitation frameworks, STRIDE and LINDDUN. The results demonstrate that system designers need to track threats in the evolving context within which systems operate and, more importantly, mitigate them by rescoping trust boundaries so that they remain consistent with administrative boundaries. A nuanced understanding of the relationship between trust and administration is vital for robust security, including the provision of safe defaults.</jats:p>

Description

Publication status: Published


Funder: REPHRAIN: Research Centre on Privacy, Harm Reduction and Adversarial Influence Online; Grant(s): EPSRC: EP/V011189/1

Keywords

46 Information and Computing Sciences, 4604 Cybersecurity and Privacy

Journal Title

Software: Practice and Experience

Conference Name

Journal ISSN

0038-0644
1097-024X

Volume Title

Publisher

Wiley