DocumentCode
243494
Title
A Socio-technical Methodology for the Security and Privacy Analysis of Services
Author
Bella, Giampaolo ; Curzon, Paul ; Giustolisi, Rosario ; Lenzini, Gabriele
Author_Institution
Dipt. di Mat. e Inf., Univ. of Catania, Catania, Italy
fYear
2014
fDate
21-25 July 2014
Firstpage
401
Lastpage
406
Abstract
There is a widely accepted need for methodologies to verify the security of services. A typical service requires user data and then makes them available through the Internet independently from access platforms or user locations, but the layman is rarely aware of the entailed risks and seldom acts cautiously. The combined human-and-technology system is complex: it intertwines the technical protocols that establish the technical security properties, with the social protocols that regulate human attitudes to and behaviour with computers. A number of security threats are therefore inherently socio-technical. An appropriate methodology to tackle security of web services from a socio-technical standpoint, namely when the human is in the loop, is still missing. This paper introduces one, termed the ceremony concertina traversal methodology. It advocates that technology is analysed in the presence of the human through the various structural layers that arise, from computer processes to user personas. Layers should be analysed individually then in combination, so as to transmit the guarantees that the technology is sound to its users in practical scenarios.
Keywords
Web services; data privacy; security of data; Web service security; ceremony concertina traversal methodology; security threats; sociotechnical methodology; user data privacy; Computers; Educational institutions; Electronic mail; Privacy; Protocols; Security; User interfaces; awareness; cloud; concertina; cybersecurity; modelling; security ceremony; verification;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International
Conference_Location
Vasteras
Type
conf
DOI
10.1109/COMPSACW.2014.69
Filename
6903163