{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:14:42Z","timestamp":1769728482074,"version":"3.49.0"},"reference-count":119,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2024,11,14]],"date-time":"2024-11-14T00:00:00Z","timestamp":1731542400000},"content-version":"vor","delay-in-days":318,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100014013","name":"UK Research and Innovation","doi-asserted-by":"publisher","award":["MR\/S037373\/1"],"award-info":[{"award-number":["MR\/S037373\/1"]}],"id":[{"id":"10.13039\/100014013","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Digital security in all its forms, whether focused on computer security, information security, or cyber security, has practices of modelling at its core. Over recent decades, the goals of security in a digital context have widened to cover not only the protection of data and computing resource but also the protection and enablement of people using technology. Alongside this, there has been a concomitant diversification of the types of modelling that are used in digital security. In recent years, modellers have faced significant epistemological challenges, with tensions between different interdisciplinary perspectives about what models and modelling ought to be, and difficulties adequately communicating the virtues of different kinds of models among modellers and stakeholders such as policymakers or users. In this paper, we present a framework grounded in philosophy and social theory for understanding the methodological diversity of security modelling today: the MORS grid. Using the MORS grid, modellers can locate their own work of modelling, and explore methodological variations and political implications. We argue that in a subject that is increasingly recognized as being composed of different disciplinary positions, such a grid not only enables modellers to locate their own approach but also to appreciate the modelling positions of others. The grid is composed of four simple binaries: whether the modeller is an expert or non-expert, whether the modelling enquiry is model-oriented or target-oriented, whether the referent object (what needs to be protected) is determined prior to or posterior to the task of modelling, and whether the analyst adopts the design stance or the intentional stance. The paper presents the MORS grid through three lines of thought: first, we unpack the theoretical basis for each distinction in existing literature in the philosophy of science, security studies, and philosophy of mind; second, we provide a historical review of security modelling, and examine which positions on the MORS grid have predominated, and why; third, we set out the implications for modellers, policymakers and other stakeholders.<\/jats:p>","DOI":"10.1093\/cybsec\/tyae024","type":"journal-article","created":{"date-parts":[[2024,11,14]],"date-time":"2024-11-14T04:01:57Z","timestamp":1731556917000},"source":"Crossref","is-referenced-by-count":1,"title":["Navigating the landscape of security modelling: the MORS grid"],"prefix":"10.1093","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5146-6201","authenticated-orcid":false,"given":"Matt","family":"Spencer","sequence":"first","affiliation":[{"name":"Centre for Interdisciplinary Methodologies, University of Warwick , Coventry CV4 7AL ,","place":["United Kingdom"]}]},{"given":"Lizzie","family":"Coles-Kemp","sequence":"additional","affiliation":[{"name":"Information Security Group, Royal Holloway, University of London , Egham TW20 0EX ,","place":["United Kingdom"]}]},{"given":"Ren\u00e9 Rydhof","family":"Hansen","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Aalborg University , 9220 Aalborg East ,","place":["Denmark"]}]}],"member":"286","published-online":{"date-parts":[[2024,11,14]]},"reference":[{"key":"2025092301112728300_bib1","first-page":"169","article-title":"Why Johnny can't encrypt: a usability evaluation of PGP 5.0","volume":"348","author":"Whitten","year":"1999","journal-title":"USENIX Security Symposium"},{"key":"2025092301112728300_bib2","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1007\/s00779-004-0308-5","article-title":"Security in the wild: user strategies for managing security as an everyday, practical problem","volume":"8","author":"Dourish","year":"2004","journal-title":"Personal and Ubiquitous Computing"},{"key":"2025092301112728300_bib3","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1007\/s10207-004-0060-x","article-title":"Game strategies in network security","volume":"4","author":"Lye","year":"2005","journal-title":"Int J Inf Secur"},{"key":"2025092301112728300_bib4","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1145\/2841113.2841118","article-title":"Examining the contribution of critical visualisation to information security","volume-title":"Proceedings of the 2015 New Security Paradigms Workshop","author":"Hall","year":"2015"},{"key":"2025092301112728300_bib5","doi-asserted-by":"crossref","first-page":"521","DOI":"10.1109\/TSE.2017.2782813","article-title":"The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game","volume":"45","author":"Frey","year":"2017","journal-title":"IEEE Trans Software Eng"},{"key":"2025092301112728300_bib6","first-page":"21","article-title":"Attack trees","volume":"24","author":"Schneier","year":"1999","journal-title":"Dr. Dobb's journal"},{"key":"2025092301112728300_bib7","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/978-3-319-27810-0_3","article-title":"Formal modelling and analysis of socio-technical systems","author":"Probst","year":"2016","journal-title":"Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays"},{"key":"2025092301112728300_bib8","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1016\/B978-1-55860-092-8.50006-X","article-title":"The structure of ill-structured solutions: boundary objects and heterogeneous distributed problem solving","volume-title":"Distributed Artificial Intelligence","author":"Star","year":"1989"},{"key":"2025092301112728300_bib9","doi-asserted-by":"crossref","first-page":"287","DOI":"10.1109\/IRI.2015.54","article-title":"Formal methods for modelling and analysis of single-event upsets","volume-title":"2015 IEEE International Conference on Information Reuse and Integration","author":"Hansen","year":"2015"},{"key":"2025092301112728300_bib10","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/SADFE.2009.13","article-title":"Analysing access control specifications","volume-title":"2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering","author":"Probst","year":"2009"},{"key":"2025092301112728300_bib11","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1007\/3-540-48294-6_9","article-title":"Abstract interpretation of mobile ambients","volume-title":"Static Analysis: 6th International Symposium, SAS\u201999 Venice, Italy, September 22\u201324, 1999 Proceedings 6","author":"Rydhof\u00a0Hansen","year":"1999"},{"key":"2025092301112728300_bib12","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1561\/1800000030","article-title":"Inclusive security: digital security meets web science","volume":"7","author":"Coles-Kemp","year":"2020","journal-title":"Foundat Trends Web Sci"},{"key":"2025092301112728300_bib13","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1080\/25741292.2020.1760414","article-title":"Digital welfare: designing for more nuanced forms of access","volume":"3","author":"Coles-Kemp","year":"2020","journal-title":"Policy Design Practice"},{"key":"2025092301112728300_bib14","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/3584318.3584322","article-title":"Designing through the stack: the case for a participatory digital security by design","volume-title":"Proceedings of the 2022 New Security Paradigms Workshop","author":"Slesinger","year":"2022"},{"key":"2025092301112728300_bib15","first-page":"1","article-title":"Creative malfunction: finding fault with rowhammer","volume":"8","author":"Spencer","year":"2021","journal-title":"Computational Culture"},{"key":"2025092301112728300_bib16","first-page":"1","article-title":"Characterising assurance: scepticism and mistrust in cyber security","author":"Spencer","year":"2022","journal-title":"J Cultural Economy"},{"key":"2025092301112728300_bib17","doi-asserted-by":"publisher","first-page":"655","DOI":"10.1177\/03063127231221107","article-title":"The de-perimeterisation of information security: the Jericho Forum, zero trust, and narrativity","volume":"54","author":"Spencer","year":"2024","journal-title":"Social Stud Sci"},{"key":"2025092301112728300_bib18","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/BF00486621","article-title":"Should physicists preach what they practice? Constructive modeling in doing and learning physics","volume":"4","author":"Nersessian","year":"1995","journal-title":"Sci Educ"},{"key":"2025092301112728300_bib19","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1177\/0741088386003003001","article-title":"Accommodating science: the rhetorical life of scientific facts","volume":"3","author":"Fahnestock","year":"1986","journal-title":"Written Commun"},{"key":"2025092301112728300_bib20","first-page":"41","article-title":"Relational expertise in participatory design","volume-title":"Proceedings of the 13th Participatory Design Conference: Research Papers-Volume 1","author":"Dindler","year":"2014"},{"key":"2025092301112728300_bib21","first-page":"1125","article-title":"Participatory design: the third space in human\u2013computer interaction","volume-title":"Human Computer Interaction Handbook","author":"Muller","year":"2012"},{"key":"2025092301112728300_bib22","first-page":"1","article-title":"The three paradigms of HCI","volume-title":"Alt. Chi. Session at the SIGCHI Conference on human Factors in Computing Systems San Jose, California, USA","author":"Harrison","year":"2007"},{"key":"2025092301112728300_bib23","doi-asserted-by":"crossref","first-page":"742","DOI":"10.1086\/425063","article-title":"How models are used to represent reality","volume":"71","author":"Giere","year":"2004","journal-title":"Philos Sci"},{"key":"2025092301112728300_bib24","doi-asserted-by":"crossref","first-page":"393","DOI":"10.1023\/A:1013349314515","article-title":"Twilight of the perfect model model","volume":"55","author":"Teller","year":"2001","journal-title":"Erkenntnis"},{"key":"2025092301112728300_bib25","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781139026185","volume-title":"The World in the Model: How Economists Work and Think","author":"Morgan","year":"2012"},{"key":"2025092301112728300_bib26","doi-asserted-by":"crossref","first-page":"1260","DOI":"10.1086\/508124","article-title":"Models, representation, and mediation","volume":"72","author":"Knuuttila","year":"2005","journal-title":"Philos Sci"},{"key":"2025092301112728300_bib27","volume-title":"The Tacit Dimension","author":"Polanyi","year":"1966"},{"key":"2025092301112728300_bib28","volume-title":"Toward a History of Epistemic Things: Synthesizing Proteins in the Test Tube","author":"Rheinberger","year":"1997"},{"key":"2025092301112728300_bib29","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1080\/1600910X.2019.1610018","article-title":"The difference a method makes: methods as epistemic objects in computational science","volume":"20","author":"Spencer","year":"2019","journal-title":"Distinktion J Soc Theory"},{"key":"2025092301112728300_bib30","doi-asserted-by":"crossref","first-page":"627","DOI":"10.1007\/s13347-018-0329-z","article-title":"Building general knowledge of mechanisms in information security","volume":"32","author":"Spring","year":"2019","journal-title":"Philos Technol"},{"key":"2025092301112728300_bib31","first-page":"26","article-title":"A symbiotic relationship between formal methods and security","volume-title":"Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No. 98EX358)","author":"Wing","year":"1998"},{"key":"2025092301112728300_bib32","volume-title":"Security: A New Framework for Analysis","author":"Buzan","year":"1998"},{"key":"2025092301112728300_bib33","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1177\/0967010610393549","article-title":"The \u2018human'as referent object? Humanitarianism as securitization","volume":"42","author":"Watson","year":"2011","journal-title":"Security dialogue"},{"key":"2025092301112728300_bib34","doi-asserted-by":"crossref","DOI":"10.4324\/9780203108635","volume-title":"Environmental Security: Approaches and Issues","author":"Floyd","year":"2013"},{"key":"2025092301112728300_bib35","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1080\/09636419808429375","article-title":"Immigration and the politics of security","volume":"8","author":"Doty","year":"1998","journal-title":"Security Studies"},{"key":"2025092301112728300_bib36","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1111\/j.1467-856x.2005.00204.x","article-title":"Into Cerberus' lair: bringing the idea of security to light","volume":"7","author":"Smith","year":"2005","journal-title":"British J Pol Int Relations"},{"key":"2025092301112728300_bib37","volume-title":"The Intentional Stance","author":"Dennett","year":"1987"},{"key":"2025092301112728300_bib38","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MSP.2018.1870866","article-title":"Cyber deception: overview and the road ahead","volume":"16","author":"Wang","year":"2018","journal-title":"IEEE Security Privacy"},{"key":"2025092301112728300_bib39","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/RTCSA.2011.66","article-title":"Grounding cyber information in the physical world with attachable social cues","volume-title":"2011 IEEE 17th International Conference on Embedded and Real-Time Computing Systems and Applications","author":"Osawa","year":"2011"},{"key":"2025092301112728300_bib40","first-page":"57","article-title":"The humanitarian imperative for minimally-just AI in weapons","volume-title":"Lethal Autonomous Weapons: Re-Examining the Law and Ethics of Robotic Warfare","author":"Scholz","year":"2020"},{"key":"2025092301112728300_bib41","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1162\/DESI_a_00102","article-title":"The design stance in user-system interaction","volume":"27","author":"Crilly","year":"2011","journal-title":"Design Issues"},{"key":"2025092301112728300_bib42","article-title":"How people's appreciation of products is affected by their knowledge of the designers\u2019 intentions","author":"Da\u00a0Silva","year":"2015"},{"key":"2025092301112728300_bib43","first-page":"2","article-title":"Realism without literalism","volume-title":"The Philosophy of Daniel Dennett, Bryce and Huebner Eds","author":"Kukla","year":"2017"},{"key":"2025092301112728300_bib44","doi-asserted-by":"crossref","first-page":"177","DOI":"10.2307\/2108038","article-title":"The interpretation of texts, people and other artifacts","volume":"50","author":"Dennett","year":"1990","journal-title":"Philos Phenom Res"},{"key":"2025092301112728300_bib45","doi-asserted-by":"crossref","first-page":"103191","DOI":"10.1016\/j.cose.2023.103191","article-title":"An analysis of how many undiscovered vulnerabilities remain in information systems","volume":"131","author":"Spring","year":"2023","journal-title":"Comput Secur"},{"key":"2025092301112728300_bib46","doi-asserted-by":"crossref","first-page":"1077","DOI":"10.1145\/1240624.1240789","article-title":"How HCI interprets the probes","volume-title":"Proceedings of the SIGCHI conference on Human factors in computing systems","author":"Boehner","year":"2007"},{"key":"2025092301112728300_bib47","article-title":"Scope for the cyber security body of knowledge","author":"Rashid","year":"2017"},{"key":"2025092301112728300_bib48","article-title":"Secure computer systems: mathematical foundations","volume-title":"Draft MTR, The MITRE Corporation","author":"Bell","year":"1973"},{"key":"2025092301112728300_bib49","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/0020-0190(85)90065-1","article-title":"A comment on the \u2018basic security theorem'of Bell and LaPadula","volume":"20","author":"McLean","year":"1985","journal-title":"Inform Process Lett"},{"key":"2025092301112728300_bib50","first-page":"8","article-title":"Concerning'modeling'of computer security","volume-title":"IEEE Symposium on Security and Privacy","author":"Bell","year":"1988"},{"key":"2025092301112728300_bib51","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1016\/0020-0190(95)00144-2","article-title":"An attack on the Needham\u2212Schroeder public\u2212key authentication protocol","volume":"56","author":"Lowe","year":"1995","journal-title":"Inform Process Lett"},{"key":"2025092301112728300_bib52","first-page":"147","article-title":"Breaking and fixing the Needham-Schroeder public-key protocol using FDR","volume-title":"International Workshop on Tools and Algorithms for the Construction and Analysis of Systems","author":"Lowe","year":"1996"},{"key":"2025092301112728300_bib53","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1109\/CSFW.1997.596782","article-title":"A hierarchy of authentication specifications","volume-title":"Proceedings 10th computer security foundations workshop","author":"Lowe","year":"1997"},{"key":"2025092301112728300_bib54","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1287\/opre.8.1.134","article-title":"Design of threat models","volume":"8","author":"Tombach","year":"1960","journal-title":"Oper Res"},{"key":"2025092301112728300_bib55","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSP.2005.119","article-title":"Demystifying the threat modeling process","volume":"3","author":"Torr","year":"2005","journal-title":"IEEE Security & Privacy"},{"key":"2025092301112728300_bib56","doi-asserted-by":"crossref","first-page":"993","DOI":"10.1145\/359657.359659","article-title":"Using encryption for authentication in large networks of computers","volume":"21","author":"Needham","year":"1978","journal-title":"Commun ACM"},{"key":"2025092301112728300_bib57","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","article-title":"On the security of public key protocols","volume":"29","author":"Dolev","year":"1983","journal-title":"IEEE Trans Inf Theory"},{"key":"2025092301112728300_bib58","volume-title":"Mechanizing Proof: Computing, Risk, and Trust","author":"MacKenzie","year":"2004"},{"key":"2025092301112728300_bib59","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MSECP.2003.1193216","article-title":"The weakest link revisited","volume":"1","author":"Arce","year":"2003","journal-title":"IEEE Security Privacy"},{"key":"2025092301112728300_bib60","article-title":"A framework for reasoning about the human in the loop","author":"Cranor","year":"2008"},{"key":"2025092301112728300_bib61","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","article-title":"Current directions in IS security research: towards socio-organizational perspectives","volume":"11","author":"Dhillon","year":"2001","journal-title":"Information Systems Journal"},{"key":"2025092301112728300_bib62","doi-asserted-by":"crossref","first-page":"1836","DOI":"10.1145\/2480362.2480705","article-title":"An updated threat model for security ceremonies","volume-title":"Proceedings of the 28th annual ACM symposium on applied computing","author":"Carlos","year":"2013"},{"key":"2025092301112728300_bib63","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1145\/1620693.1620708","article-title":"When security gets in the way","volume":"16","author":"Norman","year":"2009","journal-title":"Interactions"},{"key":"2025092301112728300_bib64","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1145\/1920261.1920319","article-title":"Two methodologies for physical penetration testing using social engineering","volume-title":"Proceedings of the 26th annual computer security applications conference","author":"Dimkov","year":"2010"},{"key":"2025092301112728300_bib65","first-page":"277","article-title":"A socio-technical and co-evolutionary framework for reducing human-related risks in cyber security and cybercrime ecosystems","volume-title":"International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications","author":"Islam","year":"2019"},{"key":"2025092301112728300_bib66","first-page":"313","article-title":"Retaliation against protocol attacks","volume":"3","author":"Bella","year":"2008","journal-title":"J Inform Assur Security"},{"key":"2025092301112728300_bib67","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/s10817-010-9185-y","article-title":"Multi-attacker protocol validation","volume":"46","author":"Arsac","year":"2011","journal-title":"J Automat Reason"},{"key":"2025092301112728300_bib68","article-title":"Usable Security: Why Do We Need It? How Do We Get It?","volume-title":"Security and Usability: Designing secure systems that people can use?","author":"Sasse","year":"2005"},{"key":"2025092301112728300_bib69","first-page":"1","article-title":"Ceremony design and analysis","author":"Ellison","year":"2007","journal-title":"Cryptology EPrint Archive"},{"key":"2025092301112728300_bib70","doi-asserted-by":"crossref","first-page":"318","DOI":"10.1007\/978-3-319-07620-1_28","article-title":"A conceptual framework to study socio-technical security","volume-title":"Human Aspects of Information Security, Privacy, and Trust: Second International Conference, HAS 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014. Proceedings 2","author":"Ferreira","year":"2014"},{"key":"2025092301112728300_bib71","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1145\/1368310.1368354","article-title":"Provably secure browser-based user-aware mutual authentication over TLS","volume-title":"Proceedings of the 2008 ACM symposium on Information, computer and communications security","author":"Gajek","year":"2008"},{"key":"2025092301112728300_bib72","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/978-3-642-21424-0_9","article-title":"Ceremony analysis: strengths and weaknesses","volume-title":"Future Challenges in Security and Privacy for Academia and Industry: 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne, Switzerland, June 7-9, 2011. Proceedings 26","author":"Radke","year":"2011"},{"key":"2025092301112728300_bib73","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1007\/978-3-642-30436-1_23","article-title":"Layered analysis of security ceremonies","volume-title":"Information Security and Privacy Research: 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings 27","author":"Bella","year":"2012"},{"key":"2025092301112728300_bib74","first-page":"572","article-title":"A system security engineering process","volume":"249","author":"Weiss","year":"1991","journal-title":"Proceedings of the 14th National Computer Security Conference"},{"key":"2025092301112728300_bib75","volume-title":"Fault Tree Handbook","author":"Vesely","year":"1981"},{"key":"2025092301112728300_bib76","doi-asserted-by":"crossref","first-page":"100219","DOI":"10.1016\/j.cosrev.2019.100219","article-title":"A review of attack graph and attack tree visual syntax in cyber security","volume":"35","author":"Lallie","year":"2020","journal-title":"Computer Sci Review"},{"key":"2025092301112728300_bib77","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/978-3-319-66402-6_7","article-title":"Is my attack tree correct?","volume-title":"Computer Security\u2013ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part I 22","author":"Audinot","year":"2017"},{"key":"2025092301112728300_bib78","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1007\/978-3-642-19751-2_6","article-title":"Foundations of attack\u2013defense trees","volume-title":"Formal Aspects of Security and Trust: 7th International Workshop, FAST 2010, Pisa, Italy, September 16-17, 2010. Revised Selected Papers 7","author":"Kordy","year":"2011"},{"key":"2025092301112728300_bib79","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1093\/logcom\/exs029","article-title":"Attack\u2013defense trees","volume":"24","author":"Kordy","year":"2014","journal-title":"J Logic Comput"},{"key":"2025092301112728300_bib80","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2480741.2480742","article-title":"Game theory meets network security and privacy","volume":"45","author":"Manshaei","year":"2013","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"2025092301112728300_bib81","doi-asserted-by":"crossref","first-page":"472","DOI":"10.1109\/SURV.2012.062612.00056","article-title":"Game theory for network security","volume":"15","author":"Liang","year":"2012","journal-title":"IEEE Commun Surveys Tutorials"},{"key":"2025092301112728300_bib82","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/1-4020-8090-5_1","article-title":"System reliability and free riding","volume-title":"Economics of Information Security","author":"Varian","year":"2004"},{"key":"2025092301112728300_bib83","first-page":"12","article-title":"Modelling information warfare as a game","volume":"4","author":"Jormakka","year":"2005","journal-title":"J Inform Warfare"},{"key":"2025092301112728300_bib84","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1207\/s15327884mca0304_2","article-title":"On interobjectivity","volume":"3","author":"Latour","year":"1996","journal-title":"Mind Culture Activity"},{"key":"2025092301112728300_bib85","first-page":"75","article-title":"Representing humans in system security models: an actor-network approach","volume":"2","author":"Pieters","year":"2011","journal-title":"J Wirel Mob Networks Ubiquitous Comput Dependable Appl"},{"key":"2025092301112728300_bib86","first-page":"92","article-title":"An overview of cyber attack and computer network operations simulation","volume-title":"Proceedings of the 2011 Military Modeling & Simulation Symposium","author":"Leblanc","year":"2011"},{"key":"2025092301112728300_bib87","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3424954.3424959","article-title":"AIT cyber range: flexible cyber security environment for exercises, training and research","volume-title":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","author":"Leitner","year":"2020"},{"key":"2025092301112728300_bib88","doi-asserted-by":"crossref","first-page":"101827","DOI":"10.1016\/j.cose.2020.101827","article-title":"Riskio: a serious game for cyber security awareness and education","volume":"95","author":"Hart","year":"2020","journal-title":"Comput Security"},{"key":"2025092301112728300_bib89","doi-asserted-by":"crossref","DOI":"10.28938\/9781912729227","volume-title":"Concealing for Freedom","author":"Ermoshina","year":"2022"},{"key":"2025092301112728300_bib90","volume-title":"Safer (cyber) Spaces: Reconfiguring Digital Security towards Solidarity","author":"Slupska","year":"2022"},{"key":"2025092301112728300_bib91","volume-title":"Work-oriented Design of Computer Artifacts","author":"Ehn","year":"1988"},{"key":"2025092301112728300_bib92","first-page":"22","article-title":"Co-operative design\u2014Perspectives on 20 years with \u2018the Scandinavian IT Design Model\u2019","volume":"2000","author":"B\u00f8dker","year":"2000","journal-title":"Proceedings of NordiCHI"},{"key":"2025092301112728300_bib93","doi-asserted-by":"crossref","DOI":"10.14722\/usec.2015.23011","article-title":"Participatory design for security-related user interfaces","volume-title":"Proc USEC","author":"Weber","year":"2015"},{"key":"2025092301112728300_bib94","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3152421","article-title":"Participatory design that matters\u2014Facing the big issues","volume":"25","author":"B\u00f8dker","year":"2018","journal-title":"ACM Transactions on Computer-Human Interaction (TOCHI)"},{"key":"2025092301112728300_bib95","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1145\/2334184.2334197","article-title":"Modeling is not the answer! designing for usable security","volume":"19","author":"B\u00f8dker","year":"2012","journal-title":"Interactions"},{"key":"2025092301112728300_bib96","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1145\/1463160.1463191","article-title":"Threats or threads: from usable security to secure experience?","volume-title":"Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges","author":"Mathiasen","year":"2008"},{"key":"2025092301112728300_bib97","doi-asserted-by":"crossref","first-page":"777","DOI":"10.1017\/S0260210508008279","article-title":"The \u2018value'of positive security","volume":"34","author":"Roe","year":"2008","journal-title":"Review Int Stud"},{"key":"2025092301112728300_bib98","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1145\/2207676.2208569","article-title":"Cheque mates: participatory design of digital payments with eighty somethings","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems","author":"Vines","year":"2012"},{"key":"2025092301112728300_bib99","first-page":"214","article-title":"Participatory design with individuals who have amnesia","volume-title":"Proceedings of the Eighth Conference on Participatory Design: Artful Integration: Interweaving media, Materials and Practices-Volume 1","author":"Wu","year":"2004"},{"key":"2025092301112728300_bib100","first-page":"1","article-title":"Drawing out the everyday hyper-[In] securities of digital identity","volume-title":"Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems","author":"Heath","year":"2022"},{"key":"2025092301112728300_bib101","first-page":"5145","article-title":"Ethical frameworks and computer security trolley problems: foundations for conversations","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Kohno","year":"2023"},{"key":"2025092301112728300_bib102","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1177\/0967010612438432","article-title":"Anticipating emergencies: technologies of preparedness and the matter of security","volume":"43","author":"Adey","year":"2012","journal-title":"Security Dialogue"},{"key":"2025092301112728300_bib103","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1177\/0263276413510050","article-title":"Vital systems security: reflexive biopolitics and the government of emergency","volume":"32","author":"Collier","year":"2015","journal-title":"Theory Culture Society"},{"key":"2025092301112728300_bib104","first-page":"1","article-title":"Introducing critical security methods","volume-title":"Critical Security Methods: New Frameworks for Analysis","author":"Aradau","year":"2015"},{"key":"2025092301112728300_bib105","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1080\/0308514042000225680","article-title":"The big, bad wolf and the rational market: portfolio insurance, the 1987 crash and the performativity of economics","volume":"33","author":"MacKenzie","year":"2004","journal-title":"Eco Society"},{"key":"2025092301112728300_bib106","volume-title":"Do Economists Make Markets?: On the Performativity of Economics","author":"MacKenzie","year":"2007"},{"key":"2025092301112728300_bib107","first-page":"29","article-title":"Performativity rationalized","volume-title":"Enacting Dismal Science: New Perspectives on the Performativity of Economics","author":"Guala","year":"2016"},{"key":"2025092301112728300_bib108","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1177\/030631201031001007","article-title":"What is the problem with experts?","volume":"31","author":"Turner","year":"2001","journal-title":"Social studies of science"},{"key":"2025092301112728300_bib109","volume-title":"Politics and Expertise: How to Use Science in a Democratic Society","author":"Pamuk","year":"2021"},{"key":"2025092301112728300_bib110","volume-title":"Material Participation: Technology, the Environment and Everyday Publics","author":"Marres","year":"2016"},{"key":"2025092301112728300_bib111","first-page":"115","article-title":"More security or less insecurity","volume-title":"Cambridge International Workshop on Security Protocols","author":"Chowdhury","year":"2010"},{"key":"2025092301112728300_bib112","doi-asserted-by":"crossref","first-page":"342","DOI":"10.1177\/09670106221101725","article-title":"Cybersecurity, race, and the politics of truth","volume":"53","author":"Whyte","year":"2022","journal-title":"Security Dialogue"},{"key":"2025092301112728300_bib113","doi-asserted-by":"crossref","first-page":"olac013","DOI":"10.1093\/ips\/olac013","article-title":"What can a critical cybersecurity do?","volume":"16","author":"Dwyer","year":"2022","journal-title":"Int Politic Sociol"},{"key":"2025092301112728300_bib114","first-page":"72","article-title":"Constructivism and securitization studies","volume-title":"The Routledge Handbook of Security Studies","author":"Balzacq","year":"2009"},{"key":"2025092301112728300_bib115","first-page":"1","article-title":"Behavioural computer science: an agenda for combining modelling of human and system behaviours","volume":"8","author":"Pedersen","year":"2018","journal-title":"Human-centric Comput Inform Sci"},{"key":"2025092301112728300_bib116","doi-asserted-by":"crossref","first-page":"575","DOI":"10.2307\/3178066","article-title":"Situated knowledges: the science question in feminism and the privilege of partial perspective","volume":"14","author":"Haraway","year":"1988","journal-title":"Feminist Stud"},{"key":"2025092301112728300_bib117","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1177\/00380385030373002","article-title":"Reflexive accounts and accounts of reflexivity in qualitative data analysis","volume":"37","author":"Mauthner","year":"2003","journal-title":"Sociology"},{"key":"2025092301112728300_bib118","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1177\/0967010611418713","article-title":"What's in an act? On security speech acts and little security nothings","volume":"42","author":"Huysmans","year":"2011","journal-title":"Security Dialogue"},{"key":"2025092301112728300_bib119","doi-asserted-by":"crossref","first-page":"10","DOI":"10.14512\/tatup.32.1.10","article-title":"Modeling for policy: challenges for technology assessment from new prognostic methods","volume":"32","author":"Kaminski","year":"2023","journal-title":"TATuP-Zeitschrift f\u00fcr Technikfolgenabsch\u00e4tzung in Theorie und Praxis"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae024\/61182430\/tyae024.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae024\/61182430\/tyae024.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T05:12:06Z","timestamp":1758604326000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyae024\/7900096"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":119,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,2]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyae024","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024]]},"published":{"date-parts":[[2024]]},"article-number":"tyae024"}}