Walking the Line: The Everyday Security Ties that Bind

  • Lizzie Coles-Kemp
  • René Rydhof Hansen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10292)

Abstract

In this paper we argue that in contemporary society a form of security emerges that is qualitatively neither technological nor social but that is truly sociotechnical. We argue that everyday security is a form of sociotechnical security co-constituted of both technological protection mechanisms designed to protect assets and of relational social practices that enable people to build and maintain trust in their daily interactions. We further argue that the complexity of real-world information security problems requires security models that are able to articulate and examine security as a sociotechnical phenomenon and that can articulate and examine the results of interaction between these two security constructions. Security must be modelled to acknowledge, at least, the connection between an individual’s security needs and the protection of assets if it is to help design secure services with which citizens can safely engage. We exemplify these attributes from case studies conducted as part of two sociotechnical research projects: the UK government and research council funded Cyber Security Cartographies (CySeCa) project and the EU FP7 funded project TREsPASS. These are introduced to discuss the potential for a family of modelling techniques. In this paper we examine the attributes of everyday security problems and reflect upon how such a modelling family might influence both academic research and practice in contemporary information security.

Keywords

Information Security, Security Model, Access Control Policy, Access Control Model, Human Security
These keywords were added by machine and not by the authors.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Royal Holloway, University of London, Egham, UK
  2. Aalborg University, Aalborg, Denmark