"I Think They're Poisoning my Mind": Understanding the Motivations of People Who Have Voluntarily Adopted Secure Email

Usman, Warda

30 May 2023

Secure email systems that use end-to-end encryption are the best method we have for ensuring user privacy and security in email communication. However, the adoption of secure email remains low, with previous studies suggesting mainly that secure email is too complex or inconvenient to use. However, the perspectives of those who have, in fact, chosen to use an encrypted email system are largely overlooked. To understand these perspectives, we conducted a semi-structured interview study that aims to provide a comprehensive understanding of the mindsets underlying adoption and use of secure email services. Our participants come from a variety of countries and vary in the amount of time they have been using secure email, how often they use it, and whether they use it as their primary account. Our results uncover that a defining reason for adopting a secure email system is to avoid surveillance from big tech companies. However, regardless of the complexity and accuracy of a person's mental model, our participants rarely send and receive encrypted emails, thus not making full use of the privacy they could obtain. These findings indicate that secure email systems could potentially find greater adoption by appealing to their privacy advantages, but privacy gains will be limited until a critical mass are able to join these systems and easily send encrypted emails to each other.

Secure email

privacy

security

big-tech

Proton Mail

Tutanota

threat models

mental models

Physical Sciences and Mathematics

Formalise Defense Strategies in Design Patterns of Threat Models / Formalisering av Förstvarsstrategier i Hotmodeller

Settlin, Johan

January 2021

Cyber-attacks are an increasing problem for organizations across the world. The attacks on systems are getting more and more sophisticated and thereby more and more difficult to protect against. The security of systems is crucial to protect your data from unauthorized access. One approach for testing the resilience of these systems is the use of threat modelling and attack simulations. The use of threat models also enables you to identify vulnerabilities in your infrastructure. The overall resilience of the system can then be increased by implementing protection against these vulnerabilities which can take many forms. There can be security issues regarding a single component in the infrastructure and more structural issues concerning more than one component in the system. Meta Attack Language (MAL) is a meta language to write threat languages of different systems. In MAL there exits different components called assets, these assets can have defenses. The problem is that structural weaknesses cannot be identified in the current state of the language. This thesis work will provide a solution to identify vulnerable patterns in a threat model and translate these pattern to secure patterns. A prototype has been created that take a threat model as input and outputs a new updated threat model. The prototype will translate the input to a graph database and run a series of predefined queries on the database that will identify and replace vulnerable patterns. A formal logic for finding vulnerable patterns is suggested and an API to change these patterns is implemented. The result shows that by running a model through the prototype, structural vulnerabilities can be identified and mitigated. This could potentially increase the overall resilience of the system. / Attacker på IT system är ett ökande problem för organisationer runt om i världen. Attackerna blir mer och mer sofistikerade och därmed svårare att skydda sig emot. Säkerheten av systemen är väldigt viktigt för att skydda data från obehörig åtkomst. Ett tillvägagångssätt för att testa säkerheten mot attacker är att använda hotmodeller och attack-simuleringar. Resultatet av en sådan simulering kan sedan användas för att göra systemet säkrare genom att implementera skydd mot kända sårbarheter. Dessa sårbarheter kan komma i många olika former. De kan finnas på en enskild komponent i arkitekturen eller så kan de bero på mer strukturella svagheter där flera komponenter berörs. Meta Attack Language (MAL) är ett meta-språk som kan användas för skapa hot-språk. I MAL så finns det olika komponenter som kan ha försvar associerat till sig. Problemet är att i det nuvarande stadiet av MAL så går det inte att identifiera strukturella svagheter där fler än en komponent är en del av problemet. Det här arbetet föreslår en lösning till att identifiera skadliga mönster och översätta dessa mönster till säkra mönster. En prototyp har tagits fram som tar en hotmodell som in-data och returnerar en uppdaterad hotmodell. Prototypen översätter hotmodellen till en grafdatabas och exekverar en serie av sökningar som identifierar och uppdaterar skadliga mönster. En logik för att hitta mönster föreslås och ett API av funktioner för att ändra mönster har utvecklats. Resultaten visar att genom körning av en modell genom prototypen så skulle detta potentiellt kunna öka systemens säkerhet.

Cyber Security

Security Patterns

Threat Models

Meta Attack Language

Defense Mechanisms

Structural Defenses

Datasäkerhet

Säkerhetsmönster

Hotmodeller

Meta Attack Language

Försvarsmekanismer

Strukturella Försvar

Computer Sciences

Datavetenskap (datalogi)

A Framework for Secure Structural Adaptation

Saman Nariman, Goran

January 2018

A (self-) adaptive system is a system that can dynamically adapt its behavior or structure during execution to "adapt" to changes to its environment or the system itself. From a security standpoint, there has been some research pertaining to (self-) adaptive systems in general but not enough care has been shown towards the adaptation itself. Security of systems can be reasoned about using threat models to discover security issues in the system. Essentially that entails abstracting away details not relevant to the security of the system in order to focus on the important aspects related to security. Threat models often enable us to reason about the security of a system quantitatively using security metrics. The structural adaptation process of a (self-) adaptive system occurs based on a reconfiguration plan, a set of steps to follow from the initial state (configuration) to the final state. Usually, the reconfiguration plan consists of multiple strategies for the structural adaptation process and each strategy consists of several steps steps with each step representing a specific configuration of the (self-) adaptive system. Different reconfiguration strategies have different security levels as each strategy consists of a different sequence configuration with different security levels. To the best of our knowledge, there exist no approaches which aim to guide the reconfiguration process in order to select the most secure available reconfiguration strategy, and the explicit security of the issues associated with the structural reconfiguration process itself has not been studied. In this work, based on an in-depth literature survey, we aim to propose several metrics to measure the security of configurations, reconfiguration strategies and reconfiguration plans based on graph-based threat models. Additionally, we have implemented a prototype to demonstrate our approach and automate the process. Finally, we have evaluated our approach based on a case study of our making. The preliminary results tend to expose certain security issues during the structural adaptation process and exhibit the effectiveness of our proposed metrics.

Self-Adaptive System

Adaptive System

Security

Threat Models

Security Metrics

Structural Adaptation

Reconfiguration Plan

Security Level

Graph-based Threat Models

Dynamic Reconfiguration

Structural Reconfiguration

Attack Graphs

T-HARM

Attack Trees

Attack Graphs Generation

MulVAL

Computer Sciences

Datavetenskap (datalogi)

Computer Systems

Datorsystem