In Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security

Ferreira, Ana; Huynen, Jean-Louis; Koenig, Vincent; Lenzini, Gabriele

doi:10.1007/978-3-319-24858-5_16

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

In Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security

Ferreira, Ana; Huynen, Jean-Louis; Koenig, Vincent et al.

2015 • In Foresti, Sara (Ed.) Security and Trust Management

Peer reviewed

Permalink
https://hdl.handle.net/10993/22479

DOI
10.1007/978-3-319-24858-5_16

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

SCREAM.pdf

Author preprint (201.45 kB)

Download

The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-24858-5_16

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Root Cause Analysis; Security analysis; Socio-technical security

Abstract :

[en] Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause analysis in security. We aim at providing a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust - SnT

Disciplines :

Computer science

Author, co-author :

Ferreira, Ana ; University of Porto > CINTESIS

Huynen, Jean-Louis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Koenig, Vincent ; University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Education, Culture, Cognition and Society (ECCS)

Lenzini, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

yes

Language :

English

Title :

In Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security

Publication date :

2015

Event name :

11th International Workshop on Security and Trust Management

Event place :

Vienna, Austria

Event date :

September 21-22, 2015

Audience :

International

Main work title :

Security and Trust Management

Editor :

Foresti, Sara

Publisher :

Springer

ISBN/EAN :

978-3-319-24857-8

Pages :

255-264

Peer reviewed :

Peer reviewed

FnR Project :

FNR1183245 - Socio-technical Analysis Of Security And Trust, 2011 (01/05/2012-30/04/2015) - Peter Y. A. Ryan

Name of the research project :

I2R-APS-PFN-11STAS

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 16 November 2015

Statistics

Number of views

205 (11 by Unilu)

Number of downloads

177 (3 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Cranor, L.F.: A framework for reasoning about the human in the loop. Proc. First Conf. Usability Psychol. Secur. 1-15 (2008). http://portal.acm.org/citation.cfm? id=1387650
Curzon, P., Ruksenas, R., Blandford, A.: An approach to formal verification of humancomputer interaction. Form. Aspects Comput. 19(4), 513-550 (2007)
Carlos, M., Price, G.: Understanding the weaknesses of human-protocol interaction. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 13-26. Springer, Heidelberg (2012)
Corporation, M.: CAPEC - Common Attack Pattern Enumeration and Classification (2014). https://capec.mitre.org/
Hollnagel, E.: Cognitive reliability and error analysis method CREAM. Elsevier, Oxford (1998)
Hollnagel, H.: FRAM: The Functional Resonance Analysis Method: Modelling Complex Socio-technical Systems. MPG Books Group (2012)
Cacciabue, P.C.: Guide to Applying Human Factors Methods - Human Error and Accident Management in Safety-Critical Systems. Springer, Heidelberg (2004)
Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G.: A conceptual framework to study socio-technical security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 318-329. Springer, Heidelberg (2014)
Serwy, R.D., Rantanen, E.M.: Evaluation of a software implementation of the cognitive reliability and error analysis method (CREAM). Proc. Hum. Factors Ergonomics Soc. Ann. Meet. 51(18), 1249-1253 (2007)
Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G., Rivas, S.: Do graphical cues effectively inform users? In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 323-334. Springer, Heidelberg (2015)
Raskin, A.: Tabnabbing: A New Type of Phishing Attack. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/