Issue title: The International Workshop on Socio-Technical Aspects in Security
Guest editors: Thomas Groß and Luca Viganò
Article type: Research Article
Authors: Jamroga, Wojciech [a, b] | Kurpiewski, Damian [b] | Malvone, Vadim [c, *]
Affiliations: [a] Interdisc. Centre on Security, Reliability and Trust, SnT, University of Luxembourg | [b] Institute of Computer Science, Polish Academy of Sciences, Warsaw, Poland | [c] Télécom Paris, France
Correspondence: [*] Corresponding author. E-mail: vadim.malvone@telecom-paris.fr.
Note: [1] This paper is an extended and revised version of a paper presented at the International Workshop on Socio-Technical Aspects in Security.
Abstract: Formal analysis of security is often focused on the technological side of the system. One implicitly assumes that the users will behave in the right way to preserve the relevant security properties. In real life, this cannot be taken for granted. In particular, security mechanisms that are difficult and costly to use are often ignored by the users, and do not really defend the system against possible attacks. Here, we propose a graded notion of security based on the complexity of the user’s strategic behavior. More precisely, we suggest that the level to which a security property φ is satisfied can be defined in terms of: (a) the complexity of the strategy that the user needs to execute to make φ true, and (b) the resources that the user must employ on the way. The simpler and cheaper to obtain φ, the higher the degree of security. We demonstrate how the idea works in a case study based on an electronic voting scenario. To this end, we model the vVote implementation of the Prêt à Voter voting protocol for coercion-resistant and voter-verifiable elections. Then, we identify “natural” strategies for the voter to obtain voter-verifiability, and measure the voter’s effort that they require. We also consider the dual view of graded security, measured by the complexity of the attacker’s strategy to compromise the relevant properties of the election.
Keywords: Electronic voting, coercion resistance, natural strategies, multi-agent models, graded security
DOI: 10.3233/JCS-210049
Journal: Journal of Computer Security, vol. 30, no. 3, pp. 381-409, 2022