Sacha Brostoff
ABSTRACT
This paper firstly argues that the design of security applications needs to consider more than technical elements. Since almost all security systems involve human users as well as technology, security should be considered, and designed as, a socio-technical work system. Secondly, we argue that safety-critical systems design has similar goals and issues to security design, and should thus provide a good starting point. Thirdly, we identify Reason's (1990) Generic Error Modeling System/Basic Elements of Production as the most suitable starting point for a socio-technical approach, and demonstrate how its basic elements can be applied to the domain of information security. We demonstrate how the application of the model's concepts, especially the distinction between active and latent failures, offers an effective way of identifying and addressing security issues that involve human behavior. Finally, we identify strengths and weaknesses of this approach, and the requirement for further work to produce a security-specific socio-technical design framework.
- Adams, A. and Sasse, M. A. (1999), Users are not the enemy, Communications of the ACM, Vol. 42, No. 12. December, 1999. Google Scholar
Digital Library
- Anderson, R. (2001) Security Engineering. John Wiley and Sons; UK.Google Scholar
- Baker, D. B. (1996) Fortresses Built Upon Sand. in Proceedings of the 1996 New Security Paradigms Workshop. Arrowhead, CA.: ACM Press https://www.acm.org/pubs/articles/proceedings/commsec/304851/p148-baker/p148-baker.pdf Google ScholarDigital Library
- Bell, D., & LaPadula, L. (1973) Secure Computer Systems: Mathematical Foundations and Model, M74-244, MITRE Corp. Bedford, MA,Google Scholar
- Biba, K. (1977) Integrity Constraints for Secure Computer Systems. Tech. Rep. ESD-TR76-372, USAF Electronic Systems Division, Bedford, MAGoogle Scholar
- Brostoff, S. & Sasse, M. A. (2000): Are Passfaces more usable than passwords? A field trial investigation. In S. McDonald, Y. Waern & G. Cockton {Eds.}: People and Computers XIV - Usability or Else! Proceedings of HCI 2000 (September 5th - 8th, Sunderland, UK), pp. 405-424. SpringerGoogle Scholar
- Bunnell, J., Podd, J., Henderson, R., Napier, R., & Kennedy-Moffat, J. (1997). Cognitive, associative and conventional passwords: Recall and guessing rates. Computers and Security, 16(7), 629-641.Google ScholarDigital Library
- Clark, D. &. Wilson, D. (1987) A Comparison of Commercial and Military Computer Security Policies. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA.Google Scholar
- Dobson, J. (1993) new security paradigms: what other concepts do we need as well? Proceedings of the 1993 workshop on new security paradigms. August 225, 1993, Little Compton, RI. http://www.acm.org/pubs/contents/proceedings/commsec/283751/ Google ScholarDigital Library
- FIPS (1985) Password Usage. Federal Information Processing Standards Publication. May 30.Google Scholar
- Haskett, J. A. (1984). Pass-algorithms: a user validation scheme based on than knowledge of secret algorithms. Communications of the ACM, 27(8), 777-781. Google ScholarDigital Library
- Hudson, P. T. W. (1988) Personal communication, In Reason, J. (1990) Human Error. Cambridge University Press. Cambridge, UKGoogle Scholar
- Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., Rubin, A. D. (1999) The Design and Analysis of Graphical Passwords. Proceedings of the 8th USENIX Security Symposium, August 23-36, 1999, Washington, D.C., USA Google ScholarDigital Library
- LaPadula, J., (1993) Prospect on security paradigms. Proceedings of the 1993 workshop on new security paradigms. August 225, 1993, Little Compton, RI. http://www.acm.org/pubs/contents/proceedings/commsec/283751/ Google ScholarDigital Library
- Lemos, R (2000) Laptop thieves usually not after data. http://www.zdnet.com/zdnn/stories/news/0,4586,2629471,00.htmlGoogle Scholar
- Lipson, D. A. and Fisher, H. F. (1999) Survivability-a new technical and business perspective on security. New security paradigms workshop. Proceedings of the 1999 workshop on new security paradigms, September 22 to 24, 1999, Caledonian hills Canada Google ScholarDigital Library
- Murrer, E. (1999). Fingerprint Authentication. Secure Computing(March), 26-30.Google Scholar
- Menkus, B. (1988). Understanding the use of passwords. Computers and Security, 7(2), 132-136. Google ScholarDigital Library
- Poulsen, K. (2000): Mitnick to lawmakers; People, phones and weakest links, http://www.politechbot.com/p-00969.html.Google Scholar
- Reason, J. (1990) Human Error. Cambridge University Press. Cambridge, UKGoogle Scholar
- Sasse, M. A., Brostoff, S. & Weirich, D. (2001), Transforming the 'weakest link': a human-computer interaction approach to usable and effective security. BT Technical Journal, 19(3), 122-131. (Also at http://www.bt.com/bttj/) Google ScholarDigital Library
- Schneier, B. (2000), Secrets and Lies, John Wiley & Sons, 2000. Google ScholarDigital Library
- Spector, Y., & Ginzberg, J. (1994). Pass sentence - a new approach to computer code. Computers and Security, 13(2), 145-160. Google ScholarDigital Library
- Whitten, A. & Tygar, J. D. (1999) Why Johnny can't encrypt: A usability evaluation of PGP 5.0, Proceedings of the 8th USENIX Security Symposium, August 1999, Washington. Google ScholarDigital Library
Index Terms
- Safe and sound: a safety-critical approach to security
Recommendations
Designing Sound Security Metrics
This article begins with an introduction to security metrics, describing the need for security metrics, followed by a discussion of the nature of security metrics, including the challenges found with some security metrics used in the past. The article ...
SAFE and Secure: Deeply Integrating Security in a New Hazard Analysis
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and SecuritySafety-critical system engineering and traditional safety analyses have for decades been focused on problems caused by natural or accidental phenomena. Security analyses, on the other hand, focus on preventing intentional, malicious acts that reduce ...
Safe Spaces and Safe Places: Unpacking Technology-Mediated Experiences of Safety and Harm with Transgender People
Transgender individuals in the United States face significant threats to interpersonal safety; however, there has as yet been relatively little research in the HCI and CSCW communities to document transgender individuals' experiences of technology-...
Comments