Quantitative security metrics with human in the loop

Mohammad Noureddine; Ken Keefe; William H. Sanders; Masooda Bashir

doi:10.1145/2746194.2746215

Quantitative security metrics with human in the loop

Mohammad Noureddine, Ken Keefe, William H. Sanders, Masooda Bashir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

Original language	English (US)
Title of host publication	Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450333764
DOIs	https://doi.org/10.1145/2746194.2746215
State	Published - Apr 21 2015
Event	Symposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States Duration: Apr 21 2015 → Apr 22 2015

Publication series

Name	ACM International Conference Proceeding Series
Volume	21-22-April-2015

Other

Other	Symposium and Bootcamp on the Science of Security, HotSoS 2015
Country/Territory	United States
City	Urbana
Period	4/21/15 → 4/22/15

Keywords

Human models
Quantitative security metrics
Security modeling

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Online availability

10.1145/2746194.2746215

Library availability

Discover UIUC Full Text

Cite this

Noureddine, M., Keefe, K., Sanders, W. H., & Bashir, M. (2015). Quantitative security metrics with human in the loop. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015 Article 2746215 (ACM International Conference Proceeding Series; Vol. 21-22-April-2015). Association for Computing Machinery. https://doi.org/10.1145/2746194.2746215

Quantitative security metrics with human in the loop. / Noureddine, Mohammad; Keefe, Ken; Sanders, William H. et al.
Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery, 2015. 2746215 (ACM International Conference Proceeding Series; Vol. 21-22-April-2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Noureddine, M, Keefe, K, Sanders, WH & Bashir, M 2015, Quantitative security metrics with human in the loop. in Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015., 2746215, ACM International Conference Proceeding Series, vol. 21-22-April-2015, Association for Computing Machinery, Symposium and Bootcamp on the Science of Security, HotSoS 2015, Urbana, United States, 4/21/15. https://doi.org/10.1145/2746194.2746215

@inproceedings{8f2acef604df4b8f80234ce16ab67b5c,

title = "Quantitative security metrics with human in the loop",

abstract = "The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.",

keywords = "Human models, Quantitative security metrics, Security modeling",

author = "Mohammad Noureddine and Ken Keefe and Sanders, {William H.} and Masooda Bashir",

year = "2015",

month = apr,

day = "21",

doi = "10.1145/2746194.2746215",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015",

address = "United States",

}

TY - GEN

T1 - Quantitative security metrics with human in the loop

AU - Noureddine, Mohammad

AU - Keefe, Ken

AU - Sanders, William H.

AU - Bashir, Masooda

PY - 2015/4/21

Y1 - 2015/4/21

N2 - The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

AB - The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.

KW - Human models

KW - Quantitative security metrics

KW - Security modeling

UR - http://www.scopus.com/inward/record.url?scp=84986625370&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84986625370&partnerID=8YFLogxK

U2 - 10.1145/2746194.2746215

DO - 10.1145/2746194.2746215

M3 - Conference contribution

AN - SCOPUS:84986625370

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015

PB - Association for Computing Machinery

T2 - Symposium and Bootcamp on the Science of Security, HotSoS 2015

Y2 - 21 April 2015 through 22 April 2015

ER -

Quantitative security metrics with human in the loop

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this