Bitte benutzen Sie diese Referenz, um auf diese Ressource zu verweisen:
Volltext verfügbar? / Dokumentlieferung
doi:10.22028/D291-29343
Titel: | Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure |
VerfasserIn: | Speicher, Patrick Steinmetz, Marcel Künnemann, Robert Simeonovski, Milivoj Pellegrino, Giancarlo Hoffmann, Jörg Backes, Michael |
Sprache: | Englisch |
Titel: | 3rd IEEE European Symposium on Security and Privacy : EUROS&P 2018 : proceedings : 24-26 April 2018, London, United Kingdom |
Startseite: | 77 |
Endseite: | 91 |
Verlag/Plattform: | IEEE |
Erscheinungsjahr: | 2018 |
Titel der Konferenz: | EUROS&P 2018 |
Konferenzort: | London, United Kingdom |
Dokumenttyp: | Konferenzbeitrag (in einem Konferenzband / InProceedings erschienener Beitrag) |
Abstract: | Security in the Internet has historically been added post-hoc, leaving services like email, which, after all, is used by 3.7 billion users, vulnerable to large-scale surveillance. For email alone, there is a multitude of proposals to mitigate known vulnerabilities, ranging from the introduction of completely new protocols to modifications of the communication paths used by big providers. Deciding which measures to deploy requires a deep understanding of the induced benefits, the cost and the resulting effects. This paper proposes the first automated methodology for making formal deployment assessments. Our planning algorithm analyses the impact and cost-efficiency of different known mitigation strategies against an attacker in a formal threat model. This novel formalisation of an infrastructure attacker includes routing, name resolution and application level weaknesses. We apply the methodology to a large-scale scan of the Internet, and assess how protocols like IPsec, DNSSEC, DANE, SMTP STS, SMTP over TLS and other mitigation techniques like server relocation can be combined to improve the confidentiality of email users in 45 combinations of attacker and defender countries and nine cost scenarios. This is the first deployment analysis for mitigation techniques at this scale. |
DOI der Erstveröffentlichung: | 10.1109/EuroSP.2018.00014 |
URL der Erstveröffentlichung: | https://ieeexplore.ieee.org/document/8406592 |
Link zu diesem Datensatz: | hdl:20.500.11880/28340 http://dx.doi.org/10.22028/D291-29343 |
ISBN: | 978-1-5386-4228-3 978-1-5386-4227-6 978-1-5386-4229-0 |
Datum des Eintrags: | 21-Nov-2019 |
Drittmittel / Förderung: | BMBF through funding for the Center for IT-Security, Privacy and Accountability (CISPA) |
Fördernummer: | BMBF 16KIS0656 |
Fakultät: | MI - Fakultät für Mathematik und Informatik |
Fachrichtung: | MI - Informatik |
Professur: | MI - Prof. Dr. Jörg Hoffmann |
Sammlung: | SciDok - Der Wissenschaftsserver der Universität des Saarlandes |
Dateien zu diesem Datensatz:
Es gibt keine Dateien zu dieser Ressource.
Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt.