Formal Methods for Socio-technical Security: (Formal and Automated Analysis of Security Ceremonies)

Research output: Chapter in Book/Report/Conference proceeding (Conference paper)


Abstract

Software engineers and analysts traditionally focus on cyber systems as technical systems, which are built only from software processes, communication protocols, crypto algorithms, etc. They often neglect, or choose not, to consider the human user as a component of the system’s security as they lack the expertise to fully understand human factors and how they affect security. However, humans should not be designed out of the security loop. Instead, we must deal with security assurance as a true socio-technical problem rather than a mere technical one, and consider cyber systems as socio-technical systems with people at their hearts. The main goal of this short paper, which accompanies my keynote talk at the 24th International Conference on Coordination Models and Languages (COORDINATION 2022), is to advocate the use of formal methods to establish the security of socio-technical systems, and to discuss some of the most promising approaches, including those that I have helped develop.
Original language: English
Title of host publication: Coordination Models and Languages (COORDINATION 2022)
Number of pages: 12
Publication status: Published - 29 Apr 2022
