Abstract
We have become accustomed to the news of more and more cunning attacks on real-world systems, and equally accustomed to trying to fix them even though further attacks may come. I discuss how to tackle and ultimately resolve this tedious and infamous attack-fix-loop practice by distilling out five paradigms to achieve cybersecurity: democratic, dictatorial, beautiful, invisible and explainable security. While each of these has distinctive features, various combinations of them, at some rate, may coexist, with the final aim of improving the way security measures account for the human element. Towards the end of the paper, I conjecture how the paradigms could be used to improve the ultimate security measure of our times, a Security Operation Centre. I should remark that many of the observations made below derive from my personal and current understanding and would require a number of experiments to be fully confirmed.
My SecITC 2022 co-chairs invited me to deliver a talk, which I entitled “The Right Level of Human Interaction to Establish Cybersecurity”. This is the accompanying paper.
Acknowledgements
I am indebted to all my coauthors for thought-provoking discussions and effective collaborations to develop those thoughts into actual concepts and working prototypes.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bella, G. (2023). Interactional Freedom and Cybersecurity. In: Bella, G., Doinea, M., Janicke, H. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2022. Lecture Notes in Computer Science, vol 13809. Springer, Cham. https://doi.org/10.1007/978-3-031-32636-3_1
DOI: https://doi.org/10.1007/978-3-031-32636-3_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-32635-6
Online ISBN: 978-3-031-32636-3
eBook Packages: Computer Science (R0)