Formal Mental Models for Human-Centered Cybersecurity
Human users are increasingly recognized as a vector of cybersecurity attack. One problem that contributes to this condition is the growing complexity of digital tools. Such complexity can make it difficult for users to understand how tools work and how their actions will impact security. This work s...
Published in: | International journal of human-computer interaction 2025-01, Vol.41 (2), p.1414-1430 |
---|---|
Main Authors: | Houser, Adam M. ; Bolton, Matthew L. |
Format: | Article |
Language: | English |
cited_by | |
---|---|
cites | cdi_FETCH-LOGICAL-c286t-76a6294a949e66381df44b97136eb9cbee9814470debb04c07adc853c769a6bf3 |
container_end_page | 1430 |
container_issue | 2 |
container_start_page | 1414 |
container_title | International journal of human-computer interaction |
container_volume | 41 |
creator | Houser, Adam M. ; Bolton, Matthew L. |
description | Human users are increasingly recognized as a vector of cybersecurity attack. One problem that contributes to this condition is the growing complexity of digital tools. Such complexity can make it difficult for users to understand how tools work and how their actions will impact security. This work sought to answer the research question: Can mental modeling analyses (from human factors engineering and human-automation interaction) be developed to effectively discover cybersecurity risks? To answer this, we extend mental models with cybersecurity-specific concepts. The resulting models are then incorporated into model checking analyses (an automated approach to formal verification) to discover if and when mismatches between human mental models and systems can cause security failures. We evaluated our approach by successfully applying it to a case study regarding the security configuration of a popular cloud data storage service. We ultimately discuss the results of this analysis and outline future research possibilities. |
doi_str_mv | 10.1080/10447318.2024.2314353 |
format | article |
publisher | Norwood: Taylor & Francis |
rights | 2024 Taylor & Francis Group, LLC |
date | 2025-01-17 |
tpages | 17 |
fulltext | fulltext |
identifier | ISSN: 1044-7318 |
ispartof | International journal of human-computer interaction, 2025-01, Vol.41 (2), p.1414-1430 |
issn | 1044-7318 1532-7590 1044-7318 |
language | eng |
recordid | cdi_crossref_primary_10_1080_10447318_2024_2314353 |
source | Library & Information Science Abstracts (LISA); Taylor and Francis:Jisc Collections:Taylor and Francis Read and Publish Agreement 2024-2025:Science and Technology Collection (Reading list) |
subjects | checking ; Complexity ; Cybersecurity ; Data storage ; formal ; Human engineering ; human error ; Human factors ; Impact analysis ; mental ; methods ; mode confusion |
title | Formal Mental Models for Human-Centered Cybersecurity |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-25T16%3A34%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Formal%20Mental%20Models%20for%20Human-Centered%20Cybersecurity&rft.jtitle=International%20journal%20of%20human-computer%20interaction&rft.au=Houser,%20Adam%20M.&rft.date=2025-01-17&rft.volume=41&rft.issue=2&rft.spage=1414&rft.epage=1430&rft.pages=1414-1430&rft.issn=1044-7318&rft.eissn=1532-7590&rft_id=info:doi/10.1080/10447318.2024.2314353&rft_dat=%3Cproquest_cross%3E3165263253%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c286t-76a6294a949e66381df44b97136eb9cbee9814470debb04c07adc853c769a6bf3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=3165263253&rft_id=info:pmid/&rfr_iscdi=true |