The Cranor Model Framework Free Essay Example

The Cranor model framework was proposed by CMU Professor Lorrie Faith Cranor to identify and analyze security issues caused due to human error. The human-in-the-loop security framework is introduced in this model to analyze the human role in a secure system, identify potential failure modes and find ways to reduce the likelihood of failure (Cranor, 2008). This framework analyzes systematically the role of human on wide range of secure systems and their design problems, including anti-phishing warnings and password policies in a conceptual way.

It consists of four components communication, communication impediments, human receiver and behavior.

Communication

In the context of security, communication can be categorized into warnings, notices, status indicators, training, and policies. Warnings are used to alert user about hazard and convince them to take necessary action to mitigate it. Notices give information of a particular object which helps in making appropriate decisions. Status indicators give system status information. Training and Policies when effectively implemented gives users the ability to react and respond to the situation appropriately.

Communication impediments

Communication though sent can be lost due to interference and environmental stimuli. Attackers can introduce malicious code or divert user’s attention by external factors thus being successful in destroying the communication. Human receiver Since we have human on the receiving end of security communication, six different attributes are considered — Communication delivery, Communication processing, Application, Personal variables, Intentions and Capabilities.

Behavior

When a communication is received, the basic goal is to understand the commands and implement them properly. The human-in-the-loop security framework is designed to use in human threat identification and mitigation process.

It consists of task identification, task automation, failure identification in two ways (her framework and user studies), and mitigating those failures. This process has to be implemented at the design phase to reduce human security failures.

References

Cranor, L.F. (2008). A Framework for Reasoning About the Human in the Loop. UPSEC. Garfinkel, S., & Lipford, H. R. (2014). Usable Security: History, Themes, and Challenges. Morgan & Claypool Publishers.