Speculations on the science of web user security

  • Authors: Ravi Sandhu
  • Affiliations: Institute for Cyber Security, University of Texas at San Antonio, One UTSA Circle, San Antonio, TX 78249, USA
  • Venue: Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year: 2012

Abstract

There appears to be consensus among seasoned cyber security researchers that there is substantial disconnect between the research community's priorities and the real world, notwithstanding numerous intellectual advances in the theory and practice of cyber security over the past four decades. This is in part manifested by recent recurring calls for dramatic shifts in cyber security research paradigms, including so-called game-changing approaches that go beyond the typical computer science and engineering perspectives. This article focusses on a specially important piece of cyber security called web user security where the prime concern is security for the ordinary consumer of web application services. The proliferation of web services and their enthusiastic reception by the ordinary citizen attests to the tremendous practical success of these technologies. As such it is prima facie evident that the current web is "secure enough" for mass adoption. Now, one certain prediction about the web is that it will continue to evolve rapidly. This article gives the author's personal perspective on what web user security science might be developed to address the need to be "secure enough" in light of continued evolution. To this end the article begins by considering what happened in the evolution of the web in the past and how much of it, if any, was guided by "science." The article identifies some security principles that can be abstracted from this short but eventful history. The article then speculates on what directions the science of web user security should take.