Flechais, I; Riegelsberger, J; Sasse, MA; (2006) Divide and conquer: The role of trust and assurance in the design of socio-technical systems. In: Foley, S, (ed.) NSPW '05: Proceedings of the 2005 workshop on New security paradigms. (pp. 33-41). Association for Computing Machinery (ACM): New York, NY, USA.
Abstract
In order to be effective, secure systems need to be both correct (i.e. effective when used as intended) and dependable (i.e. actually being used as intended). Given that most secure systems involve people, a strategy for achieving dependable security must address both people and technology. Current research in Human-Computer Interactions in Security (HCISec) aims to increase dependability of the human element by reducing mistakes (e.g. through better user interfaces to security tools). We argue that a successful strategy also needs to consider the impact of social interaction on security, and in this respect trust is a central concept. We compare the understanding of trust in secure systems with the more differentiated models of trust in social science research. The security definition of "trust" turns out to map onto strategies that would be correctly described as "assurance" in the more differentiated model. We argue that distinguishing between trust and assurance yields a wider range of strategies for ensuring dependability of the human element in a secure socio-technical system. Furthermore, correctly placed trust can also benefit an organisation's culture and performance. We conclude by presenting design principles to help security designers decide "when to trust" and "when to assure", and give examples of how both strategies would be implemented in practice.
Type: | Proceedings paper |
---|---|
Title: | Divide and conquer: The role of trust and assurance in the design of socio-technical systems |
Event: | 2005 workshop on New security paradigms (NSPW '05) |
ISBN: | 1595933174 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1145/1146269.1146280 |
Publisher version: | http://dx.doi.org/10.1145/1146269.1146280 |
Language: | English |
Additional information: | Copyright © 2006 ACM. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/19832 |