Interdisciplinary Research Group in Socio-technical Cybersecurity
A Socio-Technical Methodology for the Security and Privacy Analysis of Services
There is a widely accepted need for methodologies to verify the security of services. A typical service requires user data and then makes them available through the Internet independently from access platforms or user locations, but the layman is rarely aware of the entailed risks and seldom acts cautiously. The combined human-and-technology system is complex: it intertwines the technical protocols that establish the technical security properties, with the social protocols that regulate human attitudes to and behaviour with computers. A number of security threats are therefore inherently socio-technical. % An appropriate methodology to tackle security of web services from a socio-technical standpoint, namely when the human is in the loop, is still missing. This paper introduces one, termed the ceremony concertina traversal methodology. It advocates that technology is analysed in the presence of the human through the various structural layers that arise, from computer processes to user personas. Layers should be analysed individually then in combination, so as to transmit the guarantees that the technology is sound to its users in practical scenarios.
Giampaolo Bella, Paul Curzon, Rosario Giustolisi, Gabriele Lenzini
2014 IEEE 38th International Computer Software and Applications Conference Workshops
Bella, G., Curzon, P., Giustolisi, R., & Lenzini, G. (2014, July). A socio-technical methodology for the security and privacy analysis of services. In 2014 IEEE 38th International Computer Software and Applications Conference Workshops (pp. 401-406). IEEE.
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette