Socio-Technical Analysis of Security and Trust (STAST), CORE-FNR, 2011-2014

One of the greatest challenges facing computer security today is to prevent attacks that exploit human weaknesses. Nowadays, only rarely attackers target the standard security technical components (e.g., the cryptographic protocols) of the system to violate the systems’ defences. Instead, they often combine social engineering and technical strategies to conduct socio-technical attacks. Attackers undermine security by also exploiting the users misunderstanding of security mechanisms (often exacerbated by poorly designed user interfaces or unusable security. Socio-technical attacks threaten the foundations of the trust that users have in information and communication technology.One of the greatest challenges facing computer security today is toprevent attacks that exploit human weaknesses. Nowadays, only rarely attackers target the standard security technical components (e.g., the cryptographic protocols) of the system to violate the systems’ defences. Instead, they often combine social engineering and technical strategies to conduct socio-technical attacks.A peculiarity of these threats is that an adversary combines socialengineering with technical skills to circumvent the defenses ofinformation systems. Attackers undermine security by also exploitingthe users misunderstanding of security mechanisms (often exacerbated by poorly designed user interfaces or unusablesecurity. Socio-technical attacks threaten the foundations of thetrust that users have in information and communication technology.Up to now almost all the academic effort in information security hasconcentrated on solving the technical aspects of the problem. This Upto now almost all the academic effort in information security hasconcentrated on solving the technical aspects of security. Thisproposal aims to fill this gap by studying the nature ofsocio-technical attacks and by providing tools for the analysis ofsecurity of information systems and services against theseattacks. Specifically, this project will achieve the following twogoals:(1) To propose a framework in which to model socio-technicalcomponents of information systems.This goal includes modelling system’s technical components but alsothe human-computer interfaces, the physical objects, the users and all their interactive ceremonies. This implies also, limitedly to our usecase scenarios, modelling users’ cognitive status and users’ behavioural responses during an interaction with the system.(2) To develop tools to detect, possibly in a semi automatic orautomatic way, attacks of socio-technical nature given a model of asystem. This goal includes also to define the adversary model, and to identifythe security properties that are relevant in a socio-technicalframework. Up to certain level of detail, we have to specify thecontext where the interactions between the system’s principals takeplace and the trust interactions between agents. We validate our result on test scenarios. The scenarios are taken from key domains in system security and trust: electronic voting, web certification, and ATM security. The project will answer challenging research questions on how to embed user cognitive constraints and behavioural interactive patterns in the model of the system and how to analyse the overall system’s security and integrity.This project requires an interdisciplinary approachwhich is ensured by the composition of the proponent team, namely: the Interdisciplinary Centre for Reliability, Security and Trust (SnT) with focus on trust, and the Educational Measurement and Applied Cognitive Science (EMACS) with focus on HCI and usability.The team will collaborate with 5 external partnersUniv. Catania, Univ. Newcastle, Norwegian TNU, Royal HollowayUniv. of London, and UCL. An industrial partner participates in the project: CIRCL, the incident response centre Luxembourg.