2014
DOI: 10.1007/978-3-319-07620-1_28
|View full text |Cite
|
Sign up to set email alerts
|

A Conceptual Framework to Study Socio-Technical Security

Abstract: Abstract. We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario.

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
13
0

Year Published

2014
2014
2022
2022

Publication Types

Select...
5
2

Relationship

2
5

Authors

Journals

citations
Cited by 15 publications
(13 citation statements)
references
References 25 publications
0
13
0
Order By: Relevance
“…Although this impact is clearly computable when it only concerns a limited control over a technological system (e.g., hiding some attributes in an access control system), it is not necessarily the case in general. Research in psychology tells us that decision-makers can be influenced (e.g., [11,23,10,5]), and there is a growing interest in using behavioural sciences when developing and implementing security products revealed recently (e.g., [15,20,24,18,6]). However, more research is needed to eventually provide a catalog of effects applicable to a decision-maker, together with a measure of their impact.…”
Section: Resultsmentioning
confidence: 99%
“…Although this impact is clearly computable when it only concerns a limited control over a technological system (e.g., hiding some attributes in an access control system), it is not necessarily the case in general. Research in psychology tells us that decision-makers can be influenced (e.g., [11,23,10,5]), and there is a growing interest in using behavioural sciences when developing and implementing security products revealed recently (e.g., [15,20,24,18,6]). However, more research is needed to eventually provide a catalog of effects applicable to a decision-maker, together with a measure of their impact.…”
Section: Resultsmentioning
confidence: 99%
“…Indeed, it is impossible to model all security-relevant devices, protocols and behaviours in a single model. Typically, socio-technical models look at capturing organisational infrastructure (e.g., [10], [16], [18], [12]), but sometimes they can focus only on some aspects of human-computer interactions (e.g., [19], [6]).…”
Section: Socio-technical Models Versus Attack-defence Modelsmentioning
confidence: 99%
“…The international work towards threat models for socio-technical analysis has only just begun [34,54]. For example, it is as yet unclear how society shapes up users with a generally negative (that is, reluctant, impatient, etc.)…”
Section: The Socio-technical Perspectivementioning
confidence: 99%
“…It enables the researcher to take the guarantees of security and privacy that the technology establishes and to transmit them reliably and effectively to its users. For example, Bella et al have recently adopted it to analyse the TLS certificate validation ceremony [17], Huynen et al to identify critical decision points in the ceremonies that users follow to access WiFi networks via Hotspots [35], and Ferreira et al to outline a research framework [34].…”
Section: Introductionmentioning
confidence: 99%