The Cranor model framework was proposed by CMU Professor Lorrie Faith Cranor to identify and analyze security issues caused by human error. The model introduces the human-in-the-loop security framework to analyze the human role in a secure system, identify potential failure modes, and find ways to reduce the likelihood of failure (Cranor, 2008). The framework systematically analyzes the role of the human across a wide range of secure systems and their design problems, including anti-phishing warnings and password policies, at a conceptual level.
It consists of four components: communication, communication impediments, human receiver, and behavior.
Communication
In the context of security, communication can be categorized into warnings, notices, status indicators, training, and policies. Warnings are used to alert users about a hazard and convince them to take the necessary action to mitigate it. Notices give information about a particular object that helps the user make appropriate decisions. Status indicators give system status information. Training and policies, when effectively implemented, give users the ability to react and respond to the situation appropriately.
Communication impediments
Even when a communication is sent, it can be lost due to interference and environmental stimuli. Attackers can introduce malicious code or divert the user's attention through external factors, thereby succeeding in disrupting the communication.
Human receiver
Since there is a human on the receiving end of security communication, six different attributes are considered: communication delivery, communication processing, application, personal variables, intentions, and capabilities.
Behavior
When a communication is received, the basic goal is for the user to understand the instructions and carry them out properly. The human-in-the-loop security framework is designed for use in the human threat identification and mitigation process.
This process consists of task identification, task automation, failure identification in two ways (analysis with the framework itself, and user studies), and mitigation of those failures. It has to be applied at the design phase in order to reduce human security failures.
References
Cranor, L. F. (2008). A Framework for Reasoning About the Human in the Loop. UPSEC.
Garfinkel, S., & Lipford, H. R. (2014). Usable Security: History, Themes, and Challenges. Morgan & Claypool Publishers.