Towards Human-Centric Endpoint Security

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)


In a survey of six widely used end-to-end encrypted messaging
applications, we consider the post-compromise recovery process from the
perspective of what audit functions, if any, are in place to detect and
recover from attacks. Our investigation reveals audit functions vary in
the extent to which they rely on the end user. We argue developers
should minimize dependence on users and view them as a residual, not
primary, risk mitigation strategy. To provide robust communications
security, E2EE applications need to avoid protocol designs that dump too
much responsibility on naive users and instead make system components
play an appropriate role
Original languageEnglish
Title of host publicationProceedings of the International Security Protocols Workshop
Publication statusAccepted/In press - 27 Jan 2023


Dive into the research topics of 'Towards Human-Centric Endpoint Security'. Together they form a unique fingerprint.

Cite this