Ceremony Design and Analysis
Carl Ellison has been doing some really interesting work on what he calls Ceremonies:
The concept of ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature techniques used for the design and analysis of protocols. Ceremonies include all protocols, as well as all applications with a user interface, all workflow and all provisioning scenarios. A secure ceremony is secure against both normal attacks and social engineering. However, some secure protocols imply ceremonies that cannot be made secure.
He’s talked about it in public a little before, and now has a paper available from the IACR eprint service, “Ceremony Design and Analysis.”
If you design network protocols, or think about the intersection of security and usability, this is very much worth reading.