Abstract

The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

Original languageEnglish (US)
Title of host publicationProceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450333764
DOIs
StatePublished - Apr 21 2015
EventSymposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015Apr 22 2015

Publication series

NameACM International Conference Proceeding Series
Volume21-22-April-2015

Other

OtherSymposium and Bootcamp on the Science of Security, HotSoS 2015
CountryUnited States
CityUrbana
Period4/21/154/22/15

Fingerprint

Security systems
Human engineering
Uncertainty

Keywords

  • Human models
  • Quantitative security metrics
  • Security modeling

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Noureddine, M., Keefe, K., Sanders, W. H., & Bashir, M. (2015). Quantitative security metrics with human in the loop. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015 [2746215] (ACM International Conference Proceeding Series; Vol. 21-22-April-2015). Association for Computing Machinery. https://doi.org/10.1145/2746194.2746215

Quantitative security metrics with human in the loop. / Noureddine, Mohammad; Keefe, Ken; Sanders, William H.; Bashir, Masooda.

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery, 2015. 2746215 (ACM International Conference Proceeding Series; Vol. 21-22-April-2015).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Noureddine, M, Keefe, K, Sanders, WH & Bashir, M 2015, Quantitative security metrics with human in the loop. in Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015., 2746215, ACM International Conference Proceeding Series, vol. 21-22-April-2015, Association for Computing Machinery, Symposium and Bootcamp on the Science of Security, HotSoS 2015, Urbana, United States, 4/21/15. https://doi.org/10.1145/2746194.2746215
Noureddine M, Keefe K, Sanders WH, Bashir M. Quantitative security metrics with human in the loop. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery. 2015. 2746215. (ACM International Conference Proceeding Series). https://doi.org/10.1145/2746194.2746215
Noureddine, Mohammad ; Keefe, Ken ; Sanders, William H. ; Bashir, Masooda. / Quantitative security metrics with human in the loop. Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery, 2015. (ACM International Conference Proceeding Series).
@inproceedings{8f2acef604df4b8f80234ce16ab67b5c,
title = "Quantitative security metrics with human in the loop",
abstract = "The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.",
keywords = "Human models, Quantitative security metrics, Security modeling",
author = "Mohammad Noureddine and Ken Keefe and Sanders, {William H.} and Masooda Bashir",
year = "2015",
month = "4",
day = "21",
doi = "10.1145/2746194.2746215",
language = "English (US)",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
booktitle = "Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015",

}

TY - GEN

T1 - Quantitative security metrics with human in the loop

AU - Noureddine, Mohammad

AU - Keefe, Ken

AU - Sanders, William H.

AU - Bashir, Masooda

PY - 2015/4/21

Y1 - 2015/4/21

N2 - The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

AB - The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

KW - Human models

KW - Quantitative security metrics

KW - Security modeling

UR - http://www.scopus.com/inward/record.url?scp=84986625370&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84986625370&partnerID=8YFLogxK

U2 - 10.1145/2746194.2746215

DO - 10.1145/2746194.2746215

M3 - Conference contribution

AN - SCOPUS:84986625370

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015

PB - Association for Computing Machinery

ER -