In Cyber-Space No One Can Hear You S·CREAM

A Root Cause Analysis for Socio-Technical Security

  • Conference paper
Security and Trust Management (STM 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9331)

Abstract

Inspired by the root cause analysis techniques that, in the field of safety research and practice, help investigators understand the reasons for an incident, this paper investigates the use of root cause analysis in security. We aim to provide a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security.

Notes

  1. For improved readability, we do not spell out ‘socio-technical’ in the following while it has to be systematically assumed.

  2. See https://capec.mitre.org/.

Acknowledgments

This research is supported by FNR Luxembourg, project I2R-APS-PFN-11STAS.

Author information

Corresponding author

Correspondence to Jean-Louis Huynen.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ferreira, A., Huynen, JL., Koenig, V., Lenzini, G. (2015). In Cyber-Space No One Can Hear You S·CREAM. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science, vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_16

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science, Computer Science (R0)
