In order to be effective, secure systems need to be both correct (i.e. effective when used as intended) and dependable (i.e. actually being used as intended). Given that most secure systems involve people, a strategy for achieving dependable security must address both people and technology. Current research in Human-Computer Interactions in Security (HCISec) aims to increase dependability of the human element by reducing mistakes (e.g. through better user interfaces to security tools). We argue that a successful strategy also needs to consider the impact of social interaction on security, and in this respect trust is a central concept. We compare the understanding of trust in secure systems with the more differentiated models of trust in social science research. The security definition of "trust" turns out to map onto strategies that would be correctly described as "assurance" in the more differentiated model. We argue that distinguishing between trust and assurance yields a wider range of strategies for ensuring dependability of the human element in a secure socio-technical system. Furthermore, correctly placed trust can also benefit an organisation's culture and performance. We conclude by presenting design principles to help security designers decide "when to trust" and "when to assure", and give examples of how both strategies would be implemented in practice.