Social Constructionism in Security Protocols

A Position on Human Experience, Psychology and Security

Conference paper in Security Protocols XXVII (Security Protocols 2019)

Abstract

Understanding the human in computer security through Qualitative Research aims at a conceptual repositioning. The aim is to leverage individual human experience to understand and improve the impact of humans in computer security. Embracing what is particular, complex and subtle in the human social experience means understanding precisely what is happening when people transgress protocols. Repositioning transgression as normal, by researching what people working in Computer Network Defense do, how they construct an understanding of what they do, and why they do it, facilitates addressing the human aspects of this work on its own terms. Leveraging the insights developed through Qualitative Research means that it is possible to envisage and develop appropriate remedies using Applied Psychology, and thereby improve computer security.



Acknowledgement

This work was initiated at IMT Atlantique and completed at NTNU. It was supported, in part, by the Norwegian National Security Authority and by the Cyber CNI Chair of Institute Mines-Télécom, which is held by IMT Atlantique in Rennes, France.


A Some Categories and Codes From the Use Case

The following provides examples of some of the uncovered categories and codes that are relevant to the phenomena of cyber-threat information sharing that emerged during Grounded Theory analysis, as part of a study on cyber network defenders.

A.1 Category: Procedures

Line by Line code (number of occurrences):

  • procedures/Absence/Creativity (2)
  • procedures/ImportanceOf (5)
  • proceduresSlowYouDown (1)

A.2 Category: Crisis Resolution and Team Work

Line by Line code (number of occurrences):

  • crisis/WholeTeamWork (3)
  • work/CrisisBeingAlone (3)
  • workaround/NotInProcedures (2)

A.3 Category: Inherent Goods/Those Gaining Approval

Line by Line code (number of occurrences):

  • crisis/Solved (5)
  • crisis/Solved/Speed (2)
  • intuition/roleInTheWork (2)
  • procedures/Absence/Creativity (2)

A.4 Category: Crises Described in Detail

Line by Line code (number of occurrences):

  • crisis/Solved/Relief (3)
  • crisis/Solving/TakesTime (1)
  • crisis/Solved/Speed (2)
  • crisis/TimeLine (3)
  • identifyingTheCrisis (2)
  • identifyingTheCrisisEnd (8)
  • work/CrisisBeingAlone (3)

A.5 Category: Tension Between Differing Agendas

Line by Line code (number of occurrences):

  • communicatingWithNonTeam (4)
  • regulatorsLegalAgenda (8)
  • tension/QualityServiceCommercialGoal (5)

A.6 Category: The Company Commercial Matters

Line by Line code (number of occurrences):

  • askingForHelpOutsideTeam (2)
  • crisis/AssigningResponsibility (3)

A.7 Category: Being Part of Community

Line by Line code (number of occurrences in the data):

  • cyberDefendersCommunity (3)
  • cyberDefendersTension (2)
  • cyberDefendersUnited (6)
  • cyberThreatsGlobal (16)
  • externalContextImportant (5)
  • externalLinksImportant (8)
  • firefighterMercenariesRole (13)
  • informationSharingImportant (13)
  • informationToConfirmIncident (4)
  • linksWithOther[deleted]sImportant (6)

A.8 Category: Information on Cyber Security and Defense

Line by Line code (number of occurrences in the data):

  • informationRequired [deleted] (11)
  • informationRequired[deleted]Burden (1)
  • informationSecurityImportant (8)
  • informationSharingManaged (11)
  • informationSortingImportant (13)

© 2020 Springer Nature Switzerland AG

Cite this paper

Foley, S.N., Rooney, V.M. (2020). Social Constructionism in Security Protocols. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science, vol. 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_7

  • DOI: https://doi.org/10.1007/978-3-030-57043-9_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57042-2

  • Online ISBN: 978-3-030-57043-9
