Brostoff, S;
Sasse, MA;
(2001)
Safe and sound: A safety-critical approach to security.
In:
Proceedings of the workshop on New security paradigms NSPW '01.
(pp. pp. 41-50).
ACM: Cloudcroft, New Mexico.
Preview |
Text
Sasse_safe_and_sound.pdf - Accepted Version Download (424kB) | Preview |
Abstract
This paper firstly argues that the design of security applications needs to consider more than technical elements. Since almost all security systems involve human users as well as technology, security should be considered, and designed as, a socio-technical work system. Secondly, we argue that safety-critical systems design has similar goals' and issues to security design, and should thus provide a good starting point. Thirdly, we identify Reason's (1990) Generic Error Modeling System/Basic Elements of Production as the most suitable starting point for a socio-technical approach, and demonstrate how its basic elements can be applied to the domain of information security. We demonstrate how the application of the model's concepts, especially the distinction between active and latent failures, offers an effective way of identifying and addressing security issues that involve human behavior. Finally, we identify strengths and weaknesses of this approach, and the requirement for further work to produce a security-specific socio-technical design framework.
Type: | Proceedings paper |
---|---|
Title: | Safe and sound: A safety-critical approach to security |
Event: | workshop on New security paradigms NSPW '01 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1145/508171.508178 |
Publisher version: | https://doi.org/10.1145/508171.508178 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Brain Sciences UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10056380 |
Archive Staff Only
View Item |