UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Divide and conquer: The role of trust and assurance in the design of socio-technical systems

Flechais, I; Riegelsberger, J; Sasse, MA; (2006) Divide and conquer: The role of trust and assurance in the design of socio-technical systems. In: Foley, S, (ed.) NSPW '05: Proceedings of the 2005 workshop on New security paradigms. (pp. pp. 33-41). Association for Computing Machinery (ACM): New York, NY, USA. Green open access

[thumbnail of Sasse_Flechais%2BRiegelsberger%2BSasse_Divide and Conquer_New security paradigms workshop2005.pdf]
Preview
Text
Sasse_Flechais%2BRiegelsberger%2BSasse_Divide and Conquer_New security paradigms workshop2005.pdf

Download (139kB) | Preview

Abstract

In order to be effective, secure systems need to be both correct (i.e. effective when used as intended) and dependable (i.e. actually being used as intended). Given that most secure systems involve people, a strategy for achieving dependable security must address both people and technology. Current research in Human-Computer Interactions in Security (HCISec) aims to increase dependability of the human element by reducing mistakes (e.g. through better user interfaces to security tools). We argue that a successful strategy also needs to consider the impact of social interaction on security, and in this respect trust is a central concept. We compare the understanding of trust in secure systems with the more differentiated models of trust in social science research. The security definition of "trust" turns out to map onto strategies that would be correctly described as "assurance" in the more differentiated model. We argue that distinguishing between trust and assurance yields a wider range of strategies for ensuring dependability of the human element in a secure socio-technical system. Furthermore, correctly placed trust can also benefit an organisation's culture and performance. We conclude by presenting design principles to help security designers decide "when to trust" and "when to assure", and give examples of how both strategies would be implemented in practice.

Type: Proceedings paper
Title: Divide and conquer: The role of trust and assurance in the design of socio-technical systems
Event: 2005 workshop on New security paradigms (NSPW '05)
ISBN: 1595933174
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/1146269.1146280
Publisher version: http://dx.doi.org/10.1145/1146269.1146280
Language: English
Additional information: Copyright © 2006 ACM.
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/19832
Downloads since deposit
197Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item