Global Design for Secure Socio-Technical Systems

Socio-Technical Systems (STS) consist of people, software, hardware and organizational units. The pervasiveness and complexity of STSs make security analysis both particularly challenging and especially critical. Traditional security analysis techniques that address security in a piecemeal fashion (e.g. only for software, or only for business processes) are insufficient for addressing global security concerns and have been found often to leave serious STS vulnerabilities untreated. In this proposal, we aim at developing a comprehensive framework that consists of concepts, techniques and tools for designing secure STSs. In our framework, a STS consists of organizational goals and security requirements, businesses and industrial processes through which requirements are satisfied, software applications that support those processes, and system infrastructure that supports both processes and applications. We intend to propose a systematic process to analyze and design each part of the STSs,...