Abstract
We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Ferreira, A., Huynen, JL., Koenig, V., Lenzini, G. (2014). A Conceptual Framework to Study Socio-Technical Security. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_28
DOI: https://doi.org/10.1007/978-3-319-07620-1_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1