Understanding the use of passwords
Computers and Security
Pass-sentence—a new approach to computer code
Computers and Security
New security paradigms: what other concepts do we need as well?
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
Prospect on security paradigms
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Communications of the ACM
Survivability—a new technical and business perspective on security
Proceedings of the 1999 workshop on New security paradigms
Pass-algorithms: a user validation scheme based on knowledge of secret algorithms
Communications of the ACM
Secrets and Lies
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Bringing security home: a process for developing secure and usable systems
Proceedings of the 2003 workshop on New security paradigms
The user non-acceptance paradigm: INFOSEC's dirty little secret
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Security as a safety issue in rail communications
SCS '03 Proceedings of the 8th Australian workshop on Safety critical systems and software - Volume 33
Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
End-user privacy in human-computer interaction
Foundations and Trends in Human-Computer Interaction
Human-in-the-loop: rethinking security in mobile and pervasive systems
CHI '08 Extended Abstracts on Human Factors in Computing Systems
Integrating security and usability into the requirements and design process
International Journal of Electronic Security and Digital Forensics
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Collective information practice: emploring privacy and security as social and cultural phenomena
Human-Computer Interaction
Position: the user is the enemy
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
QoS-T: QoS throttling to elicit user cooperation in computer systems
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
SEC'11 Proceedings of the 20th USENIX conference on Security
On designing usable and secure recognition-based graphical authentication mechanisms
Interacting with Computers
SP'11 Proceedings of the 19th international conference on Security Protocols
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems
Proceedings of the 2012 workshop on New security paradigms
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
Tuning an HCI curriculum for master students to address interactive critical systems aspects
HCI'13 Proceedings of the 15th international conference on Human-Computer Interaction: human-centred design approaches, methods, tools, and environments - Volume Part I
| Hi-index | 0.00 |
This paper firstly argues that the design of security applications needs to consider more than technical elements. Since almost all security systems involve human users as well as technology, security should be considered, and designed as, a socio-technical work system. Secondly, we argue that safety-critical systems design has similar goals and issues to security design, and should thus provide a good starting point. Thirdly, we identify Reason's (1990) Generic Error Modeling System/Basic Elements of Production as the most suitable starting point for a socio-technical approach, and demonstrate how its basic elements can be applied to the domain of information security. We demonstrate how the application of the model's concepts, especially the distinction between active and latent failures, offers an effective way of identifying and addressing security issues that involve human behavior. Finally, we identify strengths and weaknesses of this approach, and the requirement for further work to produce a security-specific socio-technical design framework.