{"id":15771,"date":"2024-07-15T11:29:26","date_gmt":"2024-07-15T09:29:26","guid":{"rendered":"https:\/\/www.uni.lu\/fhse-en\/?post_type=core-researches&#038;p=15771"},"modified":"2024-07-15T11:35:27","modified_gmt":"2024-07-15T09:35:27","slug":"stast-socio-technical-analysis-of-security-and-trust","status":"publish","type":"core-researches","link":"https:\/\/www.uni.lu\/fhse-en\/core-researches\/stast-socio-technical-analysis-of-security-and-trust\/","title":{"rendered":"STAST &#8211; Socio-technical analysis of security and trust"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"","protected":false},"author":295,"featured_media":0,"template":"","meta":{"featured_image_focal_point":[],"show_featured_caption":false,"ulux_newsletter_groups":"","uluxPostTitle":"","uluxPrePostTitle":"","_trash_the_other_posts":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"rp_acronym":"STAST","rp_abstract":"One of the greatest challenges facing computer security today is to prevent attacks that exploit human weaknesses. Nowadays, attackers only rarely target the standard security technical components (e.g., the cryptographic protocols) of the system to violate the system\u2019s defences. Instead, they often combine social engineering and technical strategies to conduct socio-technical attacks. Attackers also undermine security by exploiting the users\u2019 misunderstanding of security mechanisms (often exacerbated by poorly designed user interfaces or unusable security). 
Socio-technical attacks threaten the foundations of the trust that users have in information and communication technology. A peculiarity of these threats is that an adversary combines social engineering with technical skills to circumvent the defenses of information systems. Up to now almost all the academic effort in information security has concentrated on solving the technical aspects of the problem. This proposal aims to fill this gap by studying the nature of socio-technical attacks and by providing tools for the analysis of security of information systems and services against these attacks. \nSpecifically, this project will achieve the following two goals:\n(1) To propose a framework in which to model socio-technical components of information systems. This goal includes modelling the system\u2019s technical components but also the human-computer interfaces, the physical objects, the users and all their interactive ceremonies. This also implies, limited to our use case scenarios, modelling users\u2019 cognitive status and users\u2019 behavioural responses during an interaction with the system. \n(2) To develop tools to detect, possibly in a semi-automatic or automatic way, attacks of socio-technical nature given a model of a system. 
This goal also includes defining the adversary model and identifying the security properties that are relevant in a socio-technical framework. Up to a certain level of detail, we have to specify the context where the interactions between the system\u2019s principals take place and the trust interactions between agents. We validate our result on test scenarios. The scenarios are taken from key domains in system security and trust: electronic voting, web certification, and ATM security. \nThe project will answer challenging research questions on how to embed user cognitive constraints and behavioural interactive patterns in the model of the system and how to analyse the overall system\u2019s security and integrity. This project requires an interdisciplinary approach which is ensured by the composition of the proponent team, namely: the Interdisciplinary Centre for Reliability, Security and Trust (SnT) with focus on trust, and the Educational Measurement and Applied Cognitive Science (EMACS) with focus on HCI and usability. The team will collaborate with 5 external partners: Univ. Catania, Univ. Newcastle, Norwegian TNU, Royal Holloway Univ. of London, and UCL. 
An industrial partner participates in the project: CIRCL, the incident response centre Luxembourg.","rp_start_date":"2011-01-03 23:00:00","rp_duration":36,"rp_main_funder":"FNR","rp_other_funders":[],"rp_external_partners":["University of Catania","Newcastle University","Norwegian University of Science and Technology","Royal Holloway University of London","London's Global University"],"rp_keywords":["Computer Security","Socio-technical Attacks","Prevention"],"rp_members":[{"name":"Gabriele LENZINI","isPI":true,"isExternal":false,"featuredImageUrl":"https:\/\/www.uni.lu\/en\/person-image\/NTAwMDIyMDBfX0dhYnJpZWxlIExFTlpJTkk=","detailsPageUrl":"https:\/\/www.uni.lu\/snt-en\/people\/gabriele-lenzini\/","id":"50002200"},{"name":"Peter Y A RYAN","isPI":true,"isExternal":false,"featuredImageUrl":"https:\/\/www.uni.lu\/en\/person-image\/NTAwMDI5NjVfX1BldGVyIFkgQSBSWUFO","detailsPageUrl":"https:\/\/www.uni.lu\/fstm-en\/people\/peter-y-a-ryan\/","id":"50002965"},{"name":"Giampaolo BELLA","isPI":false,"isExternal":true,"featuredImageUrl":"","detailsPageUrl":"","entity":"University of Catania"},{"name":"Lizzie COLES-KEMP","isPI":false,"isExternal":true,"featuredImageUrl":"","detailsPageUrl":"","entity":"Royal Holloway University of 
London"}]},"research-project-status":[272],"research-project-type":[263],"field-of-interest":[440],"organisation":[150,147],"authorship":[295],"acf":[],"_links":{"self":[{"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/core-researches\/15771"}],"collection":[{"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/core-researches"}],"about":[{"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/types\/core-researches"}],"author":[{"embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/users\/295"}],"version-history":[{"count":1,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/core-researches\/15771\/revisions"}],"predecessor-version":[{"id":15777,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/core-researches\/15771\/revisions\/15777"}],"wp:authorship":[{"embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/users\/295"}],"wp:attachment":[{"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/media?parent=15771"}],"wp:term":[{"taxonomy":"research-project-status","embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/research-project-status?post=15771"},{"taxonomy":"research-project-type","embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/research-project-type?post=15771"},{"taxonomy":"field-of-interest","embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/field-of-interest?post=15771"},{"taxonomy":"organisation","embeddable":true,"href":"https:\/\/www.uni.lu\/fhse-en\/wp-json\/wp\/v2\/organisation?post=15771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}