{"id":"https://openalex.org/W4387628515","doi":"https://doi.org/10.1145/3617072.3617114","title":"Usable Security Model for Industrial Control Systems - Authentication and Authorisation Workflow","display_name":"Usable Security Model for Industrial Control Systems - Authentication and Authorisation Workflow","publication_year":2023,"publication_date":"2023-10-13","ids":{"openalex":"https://openalex.org/W4387628515","doi":"https://doi.org/10.1145/3617072.3617114"},"language":"en","primary_location":{"id":"doi:10.1145/3617072.3617114","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617114","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617072.3617114","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3617072.3617114","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020666431","display_name":"Karen Li","orcid":"https://orcid.org/0009-0000-0428-1602"},"institutions":[{"id":"https://openalex.org/I36234482","display_name":"University of Bristol","ror":"https://ror.org/0524sp257","country_code":"GB","type":"education","lineage":["https://openalex.org/I36234482"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Karen Li","raw_affiliation_strings":["University of Bristol, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0000-0428-1602","affiliations":[{"raw_affiliation_string":"University of Bristol, United Kingdom","institution_ids":["https://openalex.org/I36234482"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034962802","display_name":"Awais Rashid","orcid":"https://orcid.org/0000-0002-0109-1341"},"institutions":[{"id":"https://openalex.org/I36234482","display_name":"University of Bristol","ror":"https://ror.org/0524sp257","country_code":"GB","type":"education","lineage":["https://openalex.org/I36234482"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Awais Rashid","raw_affiliation_strings":["University of Bristol, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-0109-1341","affiliations":[{"raw_affiliation_string":"University of Bristol, United Kingdom","institution_ids":["https://openalex.org/I36234482"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054330214","display_name":"Anne Roudaut","orcid":"https://orcid.org/0000-0003-3082-4564"},"institutions":[{"id":"https://openalex.org/I36234482","display_name":"University of Bristol","ror":"https://ror.org/0524sp257","country_code":"GB","type":"education","lineage":["https://openalex.org/I36234482"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Anne Roudaut","raw_affiliation_strings":["University of Bristol, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0003-3082-4564","affiliations":[{"raw_affiliation_string":"University of Bristol, United Kingdom","institution_ids":["https://openalex.org/I36234482"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.5543,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.64572242,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"205","last_page":"217"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usable","display_name":"USable","score":0.8944216966629028},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6640896797180176},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6328715085983276},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5760499238967896},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5407514572143555},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5260315537452698},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.410400390625},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.34262287616729736},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.10232409834861755},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.09609454870223999}],"concepts":[{"id":"https://openalex.org/C2780615836","wikidata":"https://www.wikidata.org/wiki/Q2471869","display_name":"USable","level":2,"score":0.8944216966629028},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6640896797180176},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6328715085983276},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5760499238967896},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5407514572143555},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5260315537452698},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.410400390625},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.34262287616729736},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.10232409834861755},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.09609454870223999},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3617072.3617114","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617114","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617072.3617114","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3617072.3617114","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617114","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617072.3617114","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.7300000190734863,"id":"https://metadata.un.org/sdg/6","display_name":"Clean water and sanitation"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387628515.pdf","grobid_xml":"https://content.openalex.org/works/W4387628515.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W179821368","https://openalex.org/W1485195923","https://openalex.org/W1562206866","https://openalex.org/W1901612877","https://openalex.org/W1983051294","https://openalex.org/W1988412229","https://openalex.org/W1995989152","https://openalex.org/W2010219174","https://openalex.org/W2016157817","https://openalex.org/W2018861399","https://openalex.org/W2041078517","https://openalex.org/W2041783719","https://openalex.org/W2070573064","https://openalex.org/W2072694646","https://openalex.org/W2093022366","https://openalex.org/W2131060714","https://openalex.org/W2133674686","https://openalex.org/W2150337999","https://openalex.org/W2157130167","https://openalex.org/W2261611353","https://openalex.org/W2270114401","https://openalex.org/W2395955682","https://openalex.org/W2403134197","https://openalex.org/W2596572682","https://openalex.org/W2610934265","https://openalex.org/W2792553346","https://openalex.org/W2797893620","https://openalex.org/W2907358912","https://openalex.org/W2911492182","https://openalex.org/W2955881216","https://openalex.org/W3182926393","https://openalex.org/W4200514777"],"related_works":["https://openalex.org/W2123296434","https://openalex.org/W2187233292","https://openalex.org/W2555738791","https://openalex.org/W4298042445","https://openalex.org/W2104547074","https://openalex.org/W2132693790","https://openalex.org/W3197290876","https://openalex.org/W2017675414","https://openalex.org/W1593822213","https://openalex.org/W2095975812"],"abstract_inverted_index":{"Industrial":[0],"Control":[1,59],"Systems":[2],"(ICS)":[3],"run":[4],"critical":[5],"large-scale":[6],"systems":[7,16,26,42,65,125],"that":[8,90,240],"are":[9,27,43,157,166,242],"needed":[10],"in":[11,30,103,168,178],"everyday":[12],"society.":[13],"These":[14],"include":[15],"such":[17,104,229,274],"as:":[18],"power,":[19],"water":[20],"treatment":[21],"and":[22,33,37,40,50,58,84,98,123,142,150,165,189,215,297,317],"manufacturing.":[23],"However,":[24],"legacy":[25,64,284],"widely":[28],"utilized":[29],"ICS":[31,54,83,316],"settings":[32],"updating,":[34],"regular":[35],"patching":[36],"modern":[38],"cryptographic":[39],"authentication":[41,149],"not":[44,116,243],"often":[45],"feasible":[46,118],"due":[47,119,193,268],"to":[48,61,92,120,145,159,181,194,254,269,282,290,301,325],"safety":[49],"real-time":[51],"constraints.":[52,126,199],"Therefore,":[53],"rely":[55],"on":[56,63,185],"Operators":[57],"Engineers":[60],"work":[62,76,279],"which":[66,77,256,294],"lack":[67,86,224,271,286],"usable":[68,79,101,186,226],"security.":[69],"There":[70],"has":[71],"been":[72],"a":[73,85,130,223],"shortage":[74],"of":[75,87,163,225,260,272,287],"examines":[78],"security":[80,102,122,187,227,235,312],"challenges":[81,97,188],"within":[82],"empirical":[88],"insights":[89,319],"bring":[91],"the":[93,95,121,202,258,304,309],"fore":[94],"specific":[96],"constraints":[99],"impacting":[100],"systems.":[105,170],"What":[106],"may":[107,115],"make":[108],"perfect":[109],"sense":[110],"from":[111,137,174,205,218],"an":[112,179,261],"HCI":[113],"standpoint":[114],"be":[117,160],"control":[124],"We,":[127],"therefore,":[128],"conducted":[129],"participatory":[131],"study":[132,307],"where":[133],"we":[134],"asked":[135],"participants":[136,173],"Human":[138],"Computer":[139],"Interaction":[140],"(HCI)":[141],"Security":[143],"background":[144],"draw":[146],"their":[147,249],"ideal":[148],"authorisation":[151],"workflow":[152],"-":[153,289],"as":[154,230,275],"these":[155,175,234,283],"mechanisms":[156,321],"seen":[158],"first":[161],"line":[162],"defence":[164],"used":[167],"all":[169],"We":[171,200,221],"recruited":[172],"speciality":[176],"backgrounds":[177],"attempt":[180],"identify":[182],"different":[183,195],"perspectives":[184],"what":[190],"threats":[191,203],"emerge":[192],"design":[196],"choices":[197],"or":[198],"elicit":[201],"emerging":[204],"our":[206],"study,":[207],"categorise":[208],"them":[209],"using":[210],"STRIDE":[211],"threat":[212],"modelling":[213],"analysis":[214],"refine":[216],"models":[217],"theoretical":[219,311],"studies.":[220],"found":[222],"factors":[228],"satisfactory":[231],"when":[232],"designing":[233],"configurations.":[236],"This":[237,306],"raises":[238,257],"concerns":[239],"users":[241],"confident":[244],"whether":[245],"they":[246],"have":[247],"completed":[248],"configurations":[250],"accurately":[251],"therefore":[252],"leading":[253],"misconfigurations":[255],"risk":[259],"attack.":[262],"Prior":[263],"studies":[264],"stated":[265],"this":[266],"is":[267],"users\u2019":[270,299],"abilities":[273,288],"knowledge/skills.":[276],"But,":[277],"little":[278],"points":[280],"out":[281],"systems\u2019":[285],"provide":[291],"appropriate":[292],"feedback":[293],"can":[295],"contribute":[296],"nurture":[298],"knowledge":[300],"cope":[302],"with":[303],"environment.":[305],"alters":[308],"existing":[310],"usability":[313],"model":[314],"for":[315,322],"offers":[318],"into":[320],"conveying":[323],"semantics":[324],"minimise":[326],"misconfigurations.":[327]},"counts_by_year":[{"year":2024,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}