Modelling Social-Technical Attacks with Timed Automata

Nicolas David, Alexandre David, René Rydhof Hansen, Kim G. Larsen, Axel Legay, Mads Chr. Olesen, Christian W. Probst

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    14 Citations (Scopus)
    16 Downloads (Pure)

    Abstract

    Attacks on a system often exploit vulnerabilities that arise from human behaviour or other human activity. Attacks of this type, so-called socio-technical attacks, cover everything from social engineering to insider attacks, and they can have a devastating impact on an unprepared organisation. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker and victim. Using timed automata also allows for intuitive modelling of systems, in which quantities like time and cost can be easily added and analysed.
    Original languageEnglish
    Title of host publicationMIST '15
    Subtitle of host publicationProceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats
    Place of PublicationNew York, NY
    PublisherAssociation for Computing Machinery
    Pages21-28
    Number of pages8
    ISBN (Print)978-1-4503-3824-0
    DOIs
    Publication statusPublished - 12 Oct 2015
    Event7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 - Denver, United States
    Duration: 16 Oct 201516 Oct 2015
    Conference number: 7

    Conference

    Conference7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015
    Abbreviated titleMIST
    Country/TerritoryUnited States
    CityDenver
    Period16/10/1516/10/15

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EC Grant Agreement nr.: FP7/2007-2013
    • Timed automata
    • Attack trees
    • Insider threats
    • Attack generation
    • n/a OA procedure

    Fingerprint

    Dive into the research topics of 'Modelling Social-Technical Attacks with Timed Automata'. Together they form a unique fingerprint.

    Cite this