On Tools for Socio-Technical Security Analysis

Many systems are hacked daily and apparently without much effort. This happens because hackers prefer not to break security mechanisms immediately, but rather to target unguarded components first. Such components, e.g., users and human-computer ceremonies, are hacked by exploiting cognitive features (e.g., trust) and people’s dismay with ill-designed interfaces. These user-related components are often ignored in traditional security analysis. Thus, it should not surprise that systems proved secure may fail especially when they run in different contexts from those wherein they have been proven secure.