A Socio-Technical Methodology for the Security and Privacy Analysis of Services

Interdisciplinary Research Group in Socio-technical Cybersecurity

A Socio-Technical Methodology for the Security and Privacy Analysis of Services

Giampaolo Bella, Paul Curzon, Rosario Giustolisi, Gabriele Lenzini
Abstract:
There is a widely accepted need for methodologies to verify the security of services. A typical service requires user data and then makes them available through the Internet independently from access platforms or user locations, but the layman is rarely aware of the entailed risks and seldom acts cautiously. The combined human-and-technology system is complex: it intertwines the technical protocols that establish the technical security properties, with the social protocols that regulate human attitudes to and behaviour with computers. A number of security threats are therefore inherently socio-technical. % An appropriate methodology to tackle security of web services from a socio-technical standpoint, namely when the human is in the loop, is still missing. This paper introduces one, termed the ceremony concertina traversal methodology. It advocates that technology is analysed in the presence of the human through the various structural layers that arise, from computer processes to user personas. Layers should be analysed individually then in combination, so as to transmit the guarantees that the technology is sound to its users in practical scenarios.
Authors:
Giampaolo Bella, Paul Curzon, Rosario Giustolisi, Gabriele Lenzini
Publication date:
2014
Published in:
2014 IEEE 38th International Computer Software and Applications Conference Workshops
Reference:
Bella, G., Curzon, P., Giustolisi, R., & Lenzini, G. (2014, July). A socio-technical methodology for the security and privacy analysis of services. In 2014 IEEE 38th International Computer Software and Applications Conference Workshops (pp. 401-406). IEEE.

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu