International Workshop on Security and Trust Management

Security and Trust Management pp 255-264 | Cite as

In Cyber-Space No One Can Hear You S\(\cdot \)CREAM

A Root Cause Analysis for Socio-Technical Security
  • Ana Ferreira
  • Jean-Louis Huynen
  • Vincent Koenig
  • Gabriele Lenzini
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9331)

Abstract

Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause analysis in security. We aim at providing a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security.

Keywords

Root Cause Analysis Security analysis Socio-technical security 

References

  1. 1.
    Cranor, L.F.: A framework for reasoning about the human in the loop. Proc. First Conf. Usability Psychol. Secur. 1–15 (2008). http://portal.acm.org/citation.cfm?id=1387650
  2. 2.
    Curzon, P., Ruksenas, R., Blandford, A.: An approach to formal verification of humancomputer interaction. Form. Aspects Comput. 19(4), 513–550 (2007)CrossRefMATHGoogle Scholar
  3. 3.
    Carlos, M., Price, G.: Understanding the weaknesses of human-protocol interaction. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 13–26. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  4. 4.
    Corporation, M.: CAPEC - Common Attack Pattern Enumeration and Classification (2014). https://capec.mitre.org/
  5. 5.
    Hollnagel, E.: Cognitive reliability and error analysis method CREAM. Elsevier, Oxford (1998) Google Scholar
  6. 6.
    Hollnagel, H.: FRAM: The Functional Resonance Analysis Method: Modelling Complex Socio-technical Systems. MPG Books Group (2012)Google Scholar
  7. 7.
    Cacciabue, P.C.: Guide to Applying Human Factors Methods - Human Error and Accident Management in Safety-Critical Systems. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G.: A conceptual framework to study socio-technical security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 318–329. Springer, Heidelberg (2014) Google Scholar
  9. 9.
    Serwy, R.D., Rantanen, E.M.: Evaluation of a software implementation of the cognitive reliability and error analysis method (CREAM). Proc. Hum. Factors Ergonomics Soc. Ann. Meet. 51(18), 1249–1253 (2007)CrossRefGoogle Scholar
  10. 10.
    Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G., Rivas, S.: Do graphical cues effectively inform users? In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 323–334. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  11. 11.
    Raskin, A.: Tabnabbing: A New Type of Phishing Attack. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ana Ferreira
    • 1
  • Jean-Louis Huynen
    • 2
  • Vincent Koenig
    • 2
  • Gabriele Lenzini
    • 2
  1. 1.CINTESISUniversity of PortoPortoPortugal
  2. 2.SnT and COSAUniversity of LuxembourgLuxembourg CityLuxembourg

Personalised recommendations