Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

In Cyber-Space No One Can Hear You S\(\cdot \)CREAM

A Root Cause Analysis for Socio-Technical Security

  • Conference paper
  • First Online:
Security and Trust Management (STM 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9331))

Included in the following conference series:

Abstract

Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause analysis in security. We aim at providing a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    For improved readability, we do not spell out ‘socio-technical’ in the following while it has to be systematically assumed.

  2. 2.

    See https://capec.mitre.org/.

References

  1. Cranor, L.F.: A framework for reasoning about the human in the loop. Proc. First Conf. Usability Psychol. Secur. 1–15 (2008). http://portal.acm.org/citation.cfm?id=1387650

  2. Curzon, P., Ruksenas, R., Blandford, A.: An approach to formal verification of humancomputer interaction. Form. Aspects Comput. 19(4), 513–550 (2007)

    Article  MATH  Google Scholar 

  3. Carlos, M., Price, G.: Understanding the weaknesses of human-protocol interaction. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 13–26. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Corporation, M.: CAPEC - Common Attack Pattern Enumeration and Classification (2014). https://capec.mitre.org/

  5. Hollnagel, E.: Cognitive reliability and error analysis method CREAM. Elsevier, Oxford (1998)

    Google Scholar 

  6. Hollnagel, H.: FRAM: The Functional Resonance Analysis Method: Modelling Complex Socio-technical Systems. MPG Books Group (2012)

    Google Scholar 

  7. Cacciabue, P.C.: Guide to Applying Human Factors Methods - Human Error and Accident Management in Safety-Critical Systems. Springer, Heidelberg (2004)

    Book  Google Scholar 

  8. Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G.: A conceptual framework to study socio-technical security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 318–329. Springer, Heidelberg (2014)

    Google Scholar 

  9. Serwy, R.D., Rantanen, E.M.: Evaluation of a software implementation of the cognitive reliability and error analysis method (CREAM). Proc. Hum. Factors Ergonomics Soc. Ann. Meet. 51(18), 1249–1253 (2007)

    Article  Google Scholar 

  10. Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G., Rivas, S.: Do graphical cues effectively inform users? In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 323–334. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  11. Raskin, A.: Tabnabbing: A New Type of Phishing Attack. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

Download references

Acknowledgments

This research is supported by FNR Luxembourg, project I2R-APS-PFN-11STAS.

Author information

Authors and Affiliations

  1. CINTESIS, University of Porto, Porto, Portugal

    Ana Ferreira

  2. SnT and COSA, University of Luxembourg, Luxembourg City, Luxembourg

    Jean-Louis Huynen, Vincent Koenig & Gabriele Lenzini

Authors
  1. Ana Ferreira
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Louis Huynen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vincent Koenig
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gabriele Lenzini
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jean-Louis Huynen .

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università degli Studi di Milano, Crema, Italy

    Sara Foresti

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ferreira, A., Huynen, JL., Koenig, V., Lenzini, G. (2015). In Cyber-Space No One Can Hear You S\(\cdot \)CREAM. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science(), vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation