{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T08:29:53Z","timestamp":1776068993749,"version":"3.50.1"},"reference-count":64,"publisher":"SAGE Publications","issue":"5","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCS"],"published-print":{"date-parts":[[2015,9,29]]},"DOI":"10.3233\/jcs-150536","type":"journal-article","created":{"date-parts":[[2015,11,20]],"date-time":"2015-11-20T16:36:44Z","timestamp":1448037404000},"page":"563-585","source":"Crossref","is-referenced-by-count":19,"title":["Service security and privacy as a\u00a0socio-technical problem"],"prefix":"10.1177","volume":"23","author":[{"given":"Giampaolo","family":"Bella","sequence":"first","affiliation":[{"name":"Dipartimento di Matematica e Informatica, Universit\u00e0 di Catania, Catania, Italy. E-mail:\u00a0giamp@dmi.unict.it"}]},{"given":"Paul","family":"Curzon","sequence":"additional","affiliation":[{"name":"School of Electronic Engineering and Computer Science, Queen Mary University of London, London, UK. E-mail:\u00a0p.curzon@qmul.ac.uk"}]},{"given":"Gabriele","family":"Lenzini","sequence":"additional","affiliation":[{"name":"Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg. E-mail:\u00a0gabriele.lenzini@uni.lu"}]}],"member":"179","reference":[{"key":"10.3233\/JCS-150536_ref1","doi-asserted-by":"crossref","unstructured":"[1]M.\u00a0Abadi and C.\u00a0Fournet, Mobile values, new names, and secure communication, in: Proceedings of the 28th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL\u201901), ACM Press, 2001, pp.\u00a0104\u2013115.","DOI":"10.1145\/360204.360213"},{"key":"10.3233\/JCS-150536_ref2","doi-asserted-by":"crossref","unstructured":"[2]R.\u00a0Ali, C.\u00a0Sol\u00eds, I.\u00a0Omoronyia, M.\u00a0Salehie and B.\u00a0Nuseibeh, Social adaptation \u2013 When software gives users a voice, in: Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE\u201912), 2012, pp.\u00a075\u201384.","DOI":"10.5220\/0003991900750084"},{"key":"10.3233\/JCS-150536_ref4","unstructured":"[4]R.J.\u00a0Andersen, Usability and psychology, in: Security Engineering, Wiley Publishing, Inc., 2008, Chapter\u00a02."},{"key":"10.3233\/JCS-150536_ref6","doi-asserted-by":"crossref","unstructured":"[6]M.\u00a0Arapinis, S.\u00a0Bursuc and M.\u00a0Ryan, Privacy-supporting cloud computing: ConfiChair, a case study, in: Proceedings of the 1st Conference on Principles of Security and Trust (POST\u201912), Springer, 2012, pp.\u00a089\u2013108.","DOI":"10.1007\/978-3-642-28641-4_6"},{"key":"10.3233\/JCS-150536_ref7","doi-asserted-by":"crossref","unstructured":"[7]A.\u00a0Armando, W.\u00a0Arsac, T.\u00a0Avanesov, M.\u00a0Barletta, A.\u00a0Calvi, A.\u00a0Cappai, R.\u00a0Carbone, Y.\u00a0Chevalier, L.\u00a0Compagna, J.\u00a0Cu\u00e9llar, G.\u00a0Erzse, S.\u00a0Frau, M.\u00a0Minea, S.\u00a0M\u00f6dersheim, D.\u00a0von Oheimb, G.\u00a0Pellegrino, S.E.\u00a0Ponta, M.\u00a0Rocchetto, M.\u00a0Rusinowitch, M.\u00a0Torabi Dashti, M.\u00a0Turuani and L.\u00a0Vigan\u00f2, The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures, in: Proceedings of the 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS\u201912), LNCS, Vol.\u00a07214, Springer, 2012, pp.\u00a0267\u2013282.","DOI":"10.1007\/978-3-642-28756-5_19"},{"key":"10.3233\/JCS-150536_ref8","doi-asserted-by":"crossref","unstructured":"[8]D.\u00a0Barrera, H.G.\u00a0Kayacik, P.C.\u00a0van Oorschot and A.\u00a0Somayaji, A methodology for empirical analysis of permission-based security models and its application to android, in: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS\u201910), ACM, 2010, pp.\u00a073\u201384.","DOI":"10.1145\/1866307.1866317"},{"key":"10.3233\/JCS-150536_ref11","doi-asserted-by":"crossref","unstructured":"[11]A.\u00a0Beautement, M.A.\u00a0Sasse and M.\u00a0Wonham, The compliance budget: Managing security behaviour in organisations, in: Proceedings of the 2008 Workshop on New Security Paradigms (NSPW\u201908), ACM, 2008, pp.\u00a047\u201358.","DOI":"10.1145\/1595676.1595684"},{"key":"10.3233\/JCS-150536_ref12","doi-asserted-by":"crossref","unstructured":"[12]G.\u00a0Bella, Formal Correctness of Security Protocols, Information Security and Cryptography, Springer, 2007.","DOI":"10.1007\/978-3-540-68136-6"},{"key":"10.3233\/JCS-150536_ref13","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/s10207-009-0097-y","article-title":"The principle of guarantee availability for security protocol analysis","volume":"9","author":"Bella","year":"2010","journal-title":"International Journal of Information Security"},{"key":"10.3233\/JCS-150536_ref14","doi-asserted-by":"crossref","unstructured":"[14]G.\u00a0Bella and L.\u00a0Coles-Kemp, Internet users\u2019 security and privacy while they interact with Amazon, in: Proceedings of IEEE International Workshop on Trust and Identity in Mobile Internet, Computing and Communications (IEEE TrustID\u201911), IEEE Press, 2011.","DOI":"10.1109\/TrustCom.2011.118"},{"key":"10.3233\/JCS-150536_ref15","doi-asserted-by":"crossref","unstructured":"[15]G.\u00a0Bella and L.\u00a0Coles-Kemp, Layered analysis of security ceremonies, in: Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC\u201912), D.\u00a0Gritzalis, S.\u00a0Furnell and M.\u00a0Theoharidou, eds, IFIP Advances in Information and Communication Technology, Vol.\u00a0376, Springer, 2012, pp.\u00a0273\u2013286.","DOI":"10.1007\/978-3-642-30436-1_23"},{"key":"10.3233\/JCS-150536_ref16","doi-asserted-by":"crossref","unstructured":"[16]G.\u00a0Bella, L.\u00a0Coles-Kemp, G.\u00a0Costantino and S.\u00a0Riccobene, Remote management of face-to-face written authenticated though anonymous exams, in: Proceedings of the 3rd International Conference on Computer Supported Education (CSEDU\u201911), INSTICC Press, 2011, pp.\u00a0431\u2013437.","DOI":"10.5220\/0003481404310437"},{"key":"10.3233\/JCS-150536_ref17","doi-asserted-by":"crossref","unstructured":"[17]G.\u00a0Bella, G.\u00a0Costantino and S.\u00a0Riccobene, WATA: A system for written authenticated though anonymous exams, in: Proceedings of the 2nd International Conference on Computer Supported Education (CSEDU\u201910), J.\u00a0Cordeiro and B.\u00a0Shishkov, eds, INSTICC Press, 2010, pp.\u00a0132\u2013137.","DOI":"10.5220\/0002797401320137"},{"key":"10.3233\/JCS-150536_ref18","doi-asserted-by":"crossref","unstructured":"[18]G.\u00a0Bella, P.\u00a0Curzon, R.\u00a0Giustolisi and G.\u00a0Lenzini, A socio-technical methodology for the security and privacy analysis of services, in: Proceedings of the 38th IEEE International Computer Software and Applications Conference Workshops (COMPSACW\u201914), IEEE Press, 2014, pp.\u00a0401\u2013406.","DOI":"10.1109\/COMPSACW.2014.69"},{"key":"10.3233\/JCS-150536_ref19","doi-asserted-by":"crossref","unstructured":"[19]G.\u00a0Bella, R.\u00a0Giustolisi and G.\u00a0Lenzini, Secure exams despite malicious management, in: Proceedings of 12th International Conference on Privacy, Security and Trust (PST\u201914), IEEE Press, 2014, pp.\u00a0274\u2013281.","DOI":"10.1109\/PST.2014.6890949"},{"key":"10.3233\/JCS-150536_ref20","doi-asserted-by":"crossref","unstructured":"[20]G.\u00a0Bella, R.\u00a0Giustolisi and G.\u00a0Lenzini, Socio-technical formal analysis of TLS certificate validation in modern browsers, in: Proceedings of the 11th International Conference on Privacy, Security and Trust (PST\u201913), J.\u00a0Castell\u00e0-Roca et al., eds, IEEE Press, 2013, pp.\u00a0309\u2013316.","DOI":"10.1109\/PST.2013.6596067"},{"key":"10.3233\/JCS-150536_ref21","unstructured":"[21]S.\u00a0Bensalem, V.\u00a0Ganesh, Y.\u00a0Lakhnech, C.\u00a0Mu\u00f1oz, S.\u00a0Owre, H.\u00a0Rue\u00df, J.\u00a0Rushby, V.\u00a0Rusu, H.\u00a0Sa\u00efdi, N.\u00a0Shankar, E.\u00a0Singerman and A.\u00a0Tiwari, An overview of SAL, in: Proceedings of the 5th NASA Langley Formal Methods Workshop (LFM 2000), 2000, pp.\u00a0187\u2013196."},{"key":"10.3233\/JCS-150536_ref23","doi-asserted-by":"crossref","unstructured":"[23]B.\u00a0Blanchet, An efficient cryptographic protocol verifier based on Prolog rules, in: Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW\u201901), IEEE Press, 1998, pp.\u00a082\u201396.","DOI":"10.1109\/CSFW.2001.930138"},{"key":"10.3233\/JCS-150536_ref24","doi-asserted-by":"crossref","unstructured":"[24]M.\u00a0Blaze, Toward a broader view of security protocols, in: Proceedings of the 12th Security Protocols Workshop (SPW\u201904), Springer, 2004, pp.\u00a0106\u2013120.","DOI":"10.1007\/11861386_12"},{"key":"10.3233\/JCS-150536_ref25","first-page":"97","article-title":"Towards integrated cognitive and interface analysis","volume":"43","author":"Bowman","year":"2001","journal-title":"ENTCS"},{"key":"10.3233\/JCS-150536_ref28","doi-asserted-by":"crossref","unstructured":"[28]M.C.\u00a0Carlos, J.E.\u00a0Martina, G.\u00a0Price and R.F.\u00a0Cust\u00f3dio, An updated threat model for security ceremonies, in: Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC\u201913), ACM, 2013, pp.\u00a01836\u20131843.","DOI":"10.1145\/2480362.2480705"},{"key":"10.3233\/JCS-150536_ref29","first-page":"253","article-title":"Priming a sense of security: What goes through people\u2019s minds?","volume":"2","author":"Carnelley","year":"2001","journal-title":"Journal of Social and Personal Relationships"},{"issue":"2","key":"10.3233\/JCS-150536_ref30","doi-asserted-by":"crossref","first-page":"286","DOI":"10.3758\/BF03203509","article-title":"A HyperCard-based tool for studying cognitive processes in complex problem solving","volume":"24","author":"Carter","year":"1992","journal-title":"Behavior Research Methods, Instruments, & Computers"},{"key":"10.3233\/JCS-150536_ref33","unstructured":"[33]D.\u00a0Cohen, Fear, Greed and Panic: The Psychology of the Stock Market, John Wiley & Son Ltd, 2001."},{"key":"10.3233\/JCS-150536_ref34","unstructured":"[34]L.F.\u00a0Cranor, A framework for reasoning about the human in the loop, in: Proceedings of the 1st Conference on Usability, Psychology, and Security, USENIX Association, 2008, Article No.\u00a01, pp.\u00a01\u201315."},{"key":"10.3233\/JCS-150536_ref35","unstructured":"[35]L.F.\u00a0Cranor and S.\u00a0Garfinkel, Security and Usability: Design Secure Systems That People Can Use, O\u2019Reilly Media, 2005."},{"key":"10.3233\/JCS-150536_ref36","unstructured":"[36]S.J.\u00a0Creese, M.\u00a0Goldsmith, A.W.\u00a0Roscoe and I.\u00a0Zakiuddin, The attacker in ubiquitous computing environments: Formalising the threat model, in: Proceedings of the 1st International Workshop on Formal Aspects in Security and Trust (FAST\u201903), Pisa, 2003."},{"key":"10.3233\/JCS-150536_ref37","doi-asserted-by":"crossref","unstructured":"[37]S.J.\u00a0Creese, M.H.\u00a0Goldsmith, A.W.\u00a0Roscoe and I.\u00a0Zakiuddin, Authentication in pervasive computing, in: Proceedings of the 1st International Conference on Security in Pervasive Computing, March 2003, 2003.","DOI":"10.1007\/978-3-540-39881-3_12"},{"issue":"19","key":"10.3233\/JCS-150536_ref38","first-page":"512","article-title":"An approach to formal verification of human\u2013computer interaction","volume":"4","author":"Curzon","year":"2007","journal-title":"Formal Aspects of Computing"},{"key":"10.3233\/JCS-150536_ref43","doi-asserted-by":"crossref","unstructured":"[43]A.\u00a0Ferreira, J.-L.\u00a0Huynen, V.\u00a0Koenig and G.\u00a0Lenzini, A conceptual framework to study socio-technical security, in: Human Aspects of Information Security, Privacy, and Trust, T.\u00a0Tryfonas and I.\u00a0Askoxylakis, eds, LNCS, Vol.\u00a08533, Springer, 2014, pp.\u00a0318\u2013329.","DOI":"10.1007\/978-3-319-07620-1_28"},{"key":"10.3233\/JCS-150536_ref44","doi-asserted-by":"crossref","unstructured":"[44]A.\u00a0Ferreira, J.-L.\u00a0Huynen, V.\u00a0Koenig and G.\u00a0Lenzini, Socio-technical security analysis of wireless hotspots, in: Human Aspects of Information Security, Privacy, and Trust, LNCS, Vol.\u00a08533, Springer, 2014, pp.\u00a0306\u2013317.","DOI":"10.1007\/978-3-319-07620-1_27"},{"issue":"4","key":"10.3233\/JCS-150536_ref45","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1504\/IJACT.2009.028028","article-title":"User-aware browser-based mutual authentication via passwords and cookies with provable security on top of TLS","volume":"1","author":"Gajek","year":"2009","journal-title":"Journal of Applied Cryptography"},{"issue":"6","key":"10.3233\/JCS-150536_ref46","doi-asserted-by":"crossref","first-page":"1579","DOI":"10.1016\/j.scient.2011.11.011","article-title":"A tool to evaluate the business intelligence of enterprise systems","volume":"18","author":"Ghazanfari","year":"2011","journal-title":"Scientia Iranica"},{"key":"10.3233\/JCS-150536_ref47","doi-asserted-by":"crossref","unstructured":"[47]N.\u00a0Gonzalez, C.\u00a0Miers, F.\u00a0Redigolo, T.\u00a0Carvalho, M.\u00a0Simplicio, M.\u00a0Naslund and M.\u00a0Pourzandi, A quantitative analysis of current security concerns and solutions for cloud computing, in: Proceedings of the IEEE 3rd International Conference on Cloud Computing Technology and Science, IEEE Press, 2011, pp.\u00a0231\u2013238.","DOI":"10.1109\/CloudCom.2011.39"},{"key":"10.3233\/JCS-150536_ref49","doi-asserted-by":"crossref","unstructured":"[49]E.L.\u00a0Gunter, A.\u00a0Yasmeen, C.A.\u00a0Gunter and A.\u00a0Nguyen, Specifying and analyzing workflows for automated identification and data capture, in: Proceedings of the 42nd Hawaii International Conference on Systems Science (HICSS-42 2009), Proceedings (CD-ROM and Online), Waikoloa, Big Island, HI, USA, 5\u20138 January 2009, IEEE Press, 2009, pp.\u00a01\u201311.","DOI":"10.1109\/HICSS.2009.402"},{"key":"10.3233\/JCS-150536_ref50","doi-asserted-by":"crossref","unstructured":"[50]C.\u00a0Herley, So long, and no thanks for the externalities: The rational rejection of security advice by users, in: Proceedings of the 2009 New Security Paradigms Workshop (NSPW\u201909), ACM, 2009, pp.\u00a0133\u2013144.","DOI":"10.1145\/1719030.1719050"},{"key":"10.3233\/JCS-150536_ref51","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1146\/annurev.ps.40.020189.001025","article-title":"The psychology of deception","volume":"40","author":"Hyman","year":"1989","journal-title":"Annual Review of Psychology"},{"key":"10.3233\/JCS-150536_ref54","doi-asserted-by":"crossref","unstructured":"[54]P.G.\u00a0Inglesant and M.A.\u00a0Sasse, The true cost of unusable password policies: Password use in the wild, in: Proceedings of the 28th International Conference on Human Factors in Computing Systems, ACM, Atlanta, GE, USA, 2010, pp.\u00a0383\u2013392.","DOI":"10.1145\/1753326.1753384"},{"key":"10.3233\/JCS-150536_ref55","doi-asserted-by":"crossref","unstructured":"[55]P.\u00a0Jaferian, K.\u00a0Hawkey, A.\u00a0Sotirakopoulos and K.\u00a0Beznosov, Heuristics for evaluating it security management tools, in: Extended Abstracts on Human Factors in Computing Systems (CHI\u201911), 2011.","DOI":"10.1145\/2078827.2078837"},{"issue":"50","key":"10.3233\/JCS-150536_ref56","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/1290958.1290968","article-title":"Social phishing","volume":"10","author":"Jagatic","year":"2007","journal-title":"Communications of the ACM"},{"key":"10.3233\/JCS-150536_ref57","unstructured":"[57]S.\u00a0Jana and V.\u00a0Shmatikov, EVE: Verifying correct execution of cloud-hosted web applications, in: Proceedings of the 3rd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud\u201911), 2011, p.\u00a011."},{"key":"10.3233\/JCS-150536_ref58","doi-asserted-by":"crossref","unstructured":"[58]W.\u00a0Jansen, Cloud hooks: Security and privacy issues in cloud computing, in: Proceedings of the 44th Hawaii International Conference on System Sciences (HICSS\u201911), 2011, pp.\u00a01\u201310.","DOI":"10.1109\/HICSS.2011.103"},{"key":"10.3233\/JCS-150536_ref60","doi-asserted-by":"crossref","unstructured":"[60]C.\u00a0Karlof, J.D.\u00a0Tygar and D.\u00a0Wagner, Conditioned-safe ceremonies and a user study of an application to web authentication, in: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS\u201909), ACM, 2009, pp.\u00a01\u201320.","DOI":"10.1145\/1572532.1572578"},{"key":"10.3233\/JCS-150536_ref61","doi-asserted-by":"crossref","first-page":"734","DOI":"10.1016\/j.pmcj.2009.07.008","article-title":"A comparative study of secure device pairing methods","volume":"5","author":"Kumar","year":"2009","journal-title":"Pervasive and Mobile Computing"},{"issue":"4","key":"10.3233\/JCS-150536_ref62","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1002\/jhbs.20327","article-title":"From the stage to the laboratory: Magicians, psychologists, and the science of illusion","volume":"44","author":"Lachapelle","year":"2008","journal-title":"Journal of the History of the Behavioral Sciences"},{"key":"10.3233\/JCS-150536_ref63","unstructured":"[63]J.\u00a0Lazar, J.H.\u00a0Feng and H.\u00a0Hochheiser, Research Methods in Human\u2013Computer Interaction, John Wiley & Sons, Inc., 2009."},{"key":"10.3233\/JCS-150536_ref66","doi-asserted-by":"crossref","unstructured":"[66]T.\u00a0Martimiano, J.E.\u00a0Martina, M.M.\u00a0Olembo and M.C.\u00a0Carlos, Modelling user devices in security ceremonies, in: Proceedings of the 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST\u201914), IEEE Press, 2014, pp.\u00a016\u201323.","DOI":"10.1109\/STAST.2014.11"},{"issue":"2","key":"10.3233\/JCS-150536_ref67","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/s10207-014-0253-x","article-title":"An adaptive threat model for security ceremonies","volume":"14","author":"Martina","year":"2015","journal-title":"International Journal of Information Security"},{"key":"10.3233\/JCS-150536_ref68","doi-asserted-by":"crossref","unstructured":"[68]P.\u00a0Masci and P.\u00a0Curzon, Checking user-centred design principles in distributed cognition models: A case study in the healthcare domain, in: Information Quality in e-Health: The 7th Conference of the Austrian Computer Society Workgroup: Human\u2013Computer Interaction, LNCS, Vol.\u00a07058, Springer, 2011, pp.\u00a095\u2013108.","DOI":"10.1007\/978-3-642-25364-5_10"},{"key":"10.3233\/JCS-150536_ref69","unstructured":"[69]P.\u00a0Masci, P.\u00a0Curzon, A.\u00a0Blandford and D.\u00a0Furniss, Modelling distributed cognition systems in PVS, in: Proceedings of the 4th International Workshop on Formal Methods for Interactive Systems (FMIS\u201911), Electronic Communications of the EASST, Vol.\u00a045, EASST Press, June 2011, 2011."},{"issue":"2","key":"10.3233\/JCS-150536_ref70","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1007\/s11334-013-0200-4","article-title":"The benefits of formalising design guidelines: A case study on the predictability of drug infusion pumps","volume":"11","author":"Masci","year":"2015","journal-title":"Innovations in Systems and Software Engineering"},{"key":"10.3233\/JCS-150536_ref72","unstructured":"[72]K.\u00a0Mitnick and W.\u00a0Simon, The Art of Deception, Wiley Publishing, Inc., 2002."},{"key":"10.3233\/JCS-150536_ref74","doi-asserted-by":"crossref","unstructured":"[74]T.\u00a0Nipkow, L.C.\u00a0Paulson and M.\u00a0Wenzel, Isabelle\/HOL: A Proof Assistant for Higher-Order Logic, LNCS, Vol.\u00a02283, Springer, 2002.","DOI":"10.1007\/3-540-45949-9"},{"key":"10.3233\/JCS-150536_ref76","doi-asserted-by":"crossref","unstructured":"[76]S.\u00a0Owre, J.M.\u00a0Rushby and N.\u00a0Shankar, PVS: A Prototype Verification System, in: Proceedings of the 11th International Conference on Automated Deduction (CADE\u201992), D.\u00a0Kapur, ed., LNCS, Vol.\u00a0607, Springer, 1992, pp.\u00a0748\u2013752.","DOI":"10.1007\/3-540-55602-8_217"},{"key":"10.3233\/JCS-150536_ref77","doi-asserted-by":"crossref","unstructured":"[77]E.\u00a0Paja, F.\u00a0Dalpiaz and P.\u00a0Giorgini, Managing security requirements conflicts in socio-technical systems, in: Proceedings of the 32nd International Conference on Conceptual Modeling (ER 2013), 2013, pp.\u00a0270\u2013283.","DOI":"10.1007\/978-3-642-41924-9_23"},{"key":"10.3233\/JCS-150536_ref79","doi-asserted-by":"crossref","unstructured":"[79]S.\u00a0Parkin, A.\u00a0van Moorsel, P.G.\u00a0Inglesant and M.A.\u00a0Sasse, A stealth approach to usable security: Helping IT security managers to identify workable security solutions, in: Proceedings of the 2010 New Security Paradigms Workshop (NSPW\u201910), ACM, 2010, pp.\u00a033\u201350.","DOI":"10.1145\/1900546.1900553"},{"key":"10.3233\/JCS-150536_ref81","doi-asserted-by":"crossref","unstructured":"[81]K.\u00a0Radke, C.\u00a0Boyd, J.G.\u00a0Nieto and M.\u00a0Brereton, Ceremony analysis: Strengths and weaknesses, in: Proceedings of the IFIP Information Security Conference (SEC2011), Lucerne, Switzerland, 7\u20139 June 2011, Springer, 2011, pp.\u00a0104\u2013115.","DOI":"10.1007\/978-3-642-21424-0_9"},{"issue":"2","key":"10.3233\/JCS-150536_ref83","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1007\/s11334-008-0050-7","article-title":"Modelling and analysing cognitive causes of security breaches","volume":"4","author":"Ruk\u0161\u0117nas","year":"2008","journal-title":"Innovation in Systems and Software Engineering"},{"key":"10.3233\/JCS-150536_ref84","first-page":"1","article-title":"Analyzing cockpit interfaces using formal methods","volume":"43","author":"Rushby","year":"2001","journal-title":"ENTCS"},{"key":"10.3233\/JCS-150536_ref89","doi-asserted-by":"crossref","unstructured":"[89]J.\u00a0Somorovsky, M.\u00a0Jensen, J.\u00a0Schwenk, M.\u00a0Heiderick, N.\u00a0Gruschka and L.L.\u00a0Iacono, All your clouds are belong to us: Security analysis of cloud management interfaces, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security (CCSW\u201911), 2011, pp.\u00a03\u201314.","DOI":"10.1145\/2046660.2046664"},{"issue":"4","key":"10.3233\/JCS-150536_ref96","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1330311.1330320","article-title":"The psychology of security","volume":"51","author":"West","year":"2008","journal-title":"Communications of the ACM"},{"key":"10.3233\/JCS-150536_ref97","doi-asserted-by":"crossref","unstructured":"[97]B.\u00a0Whitworth, Social-technical systems, in: Encyclopedia of Human Computer Interaction, 2006, pp.\u00a0533\u2013541.","DOI":"10.4018\/978-1-59140-562-7.ch079"},{"key":"10.3233\/JCS-150536_ref98","doi-asserted-by":"crossref","unstructured":"[98]B.\u00a0Whitworth, The social requirements of technical systems, in: Handbook of Research on Socio-Technical Design and Social Networking Systems, IGI Global, 2009, pp.\u00a03\u201322.","DOI":"10.4018\/978-1-60566-264-0.ch001"},{"key":"10.3233\/JCS-150536_ref101","doi-asserted-by":"crossref","unstructured":"[101]Y.\u00a0Zhang, F.\u00a0Monrose and M.K.\u00a0Reiter, The security of modern password expiration: An algorithmic framework and empirical analysis, in: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS\u201910), ACM, 2010, pp.\u00a0176\u2013186.","DOI":"10.1145\/1866307.1866328"}],"container-title":["Journal of Computer Security"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JCS-150536","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T13:15:17Z","timestamp":1748697317000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.medra.org\/servlet\/aliasResolver?alias=iospress&doi=10.3233\/JCS-150536"}},"subtitle":["Literature review, analysis methodology and challenge domains"],"editor":[{"given":"Luca","family":"Spalazzi","sequence":"additional","affiliation":[]},{"given":"Luca","family":"Vigan\u00f2","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2015,9,29]]},"references-count":64,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.3233\/jcs-150536","relation":{},"ISSN":["1875-8924","0926-227X"],"issn-type":[{"value":"1875-8924","type":"electronic"},{"value":"0926-227X","type":"print"}],"subject":[],"published":{"date-parts":[[2015,9,29]]}}}