Modelling telecom fraud with e3value

Dan Ionita; Sebastiaan Koenen; Roelf J. Wieringa

Modelling telecom fraud with e3value

Dan Ionita, Sebastiaan Koenen, Roelf J. Wieringa

Research output: Book/Report › Report › Professional

291 Downloads (Pure)

Abstract

Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages from multiple providers. As such, an assumption was made that in order to fully describe the scenarios, a modelling language capable of describing value transactions between actors is required. In order to validate this assumption, a business value modelling language, e3value was selected, generic (non-misuse) business models were created and four misuse scenarios were modelled. This report showcases the models, discusses strengths and limitations encountered during modelling and draws conclusions with regard to the applicability, usability and utility of e3value models in modelling (Telecom) fraud as well as more generally in Risk Assessment.

Original language	English
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Number of pages	28
Publication status	Published - 31 Oct 2014

Publication series

Name	CTIT Technical Report Series
Publisher	University of Twente, Centre for Telematics and Information Technology (CTIT)
No.	TR-CTIT-14-11
ISSN (Print)	1381-3625

Keywords

EC Grant Agreement nr.: FP7/2007-2013
Telecom fraud
Attacker motivation
Impact estimation
Business value
EC Grant Agreement nr.: FP7/318003

Access to Document

ReportFinal published version, 4.47 MB

1 PhD Thesis - Research UT, graduation UT

Model-Driven Information Security Risk Assessment of Socio-Technical Systems
Ionita, D., 8 Mar 2018, Enschede: University of Twente. 156 p.
Research output: Thesis › PhD Thesis - Research UT, graduation UT

Open Access
File
1018 Downloads (Pure)

Cite this

@book{550577cede8349509e6c015f1a1edb32,

title = "Modelling telecom fraud with e3value",

abstract = "Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages from multiple providers. As such, an assumption was made that in order to fully describe the scenarios, a modelling language capable of describing value transactions between actors is required. In order to validate this assumption, a business value modelling language, e3value was selected, generic (non-misuse) business models were created and four misuse scenarios were modelled. This report showcases the models, discusses strengths and limitations encountered during modelling and draws conclusions with regard to the applicability, usability and utility of e3value models in modelling (Telecom) fraud as well as more generally in Risk Assessment.",

keywords = "EC Grant Agreement nr.: FP7/2007-2013, Telecom fraud, Attacker motivation, Impact estimation, Business value, EC Grant Agreement nr.: FP7/318003",

author = "Dan Ionita and Sebastiaan Koenen and Wieringa, {Roelf J.}",

note = "Foreground = 100%; Type of activity = technical report; Main leader = UT; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;",

year = "2014",

month = oct,

day = "31",

language = "English",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "TR-CTIT-14-11",

address = "Netherlands",

}

TY - BOOK

T1 - Modelling telecom fraud with e3value

AU - Ionita, Dan

AU - Koenen, Sebastiaan

AU - Wieringa, Roelf J.

N1 - Foreground = 100%; Type of activity = technical report; Main leader = UT; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;

PY - 2014/10/31

Y1 - 2014/10/31

N2 - Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages from multiple providers. As such, an assumption was made that in order to fully describe the scenarios, a modelling language capable of describing value transactions between actors is required. In order to validate this assumption, a business value modelling language, e3value was selected, generic (non-misuse) business models were created and four misuse scenarios were modelled. This report showcases the models, discusses strengths and limitations encountered during modelling and draws conclusions with regard to the applicability, usability and utility of e3value models in modelling (Telecom) fraud as well as more generally in Risk Assessment.

AB - Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages from multiple providers. As such, an assumption was made that in order to fully describe the scenarios, a modelling language capable of describing value transactions between actors is required. In order to validate this assumption, a business value modelling language, e3value was selected, generic (non-misuse) business models were created and four misuse scenarios were modelled. This report showcases the models, discusses strengths and limitations encountered during modelling and draws conclusions with regard to the applicability, usability and utility of e3value models in modelling (Telecom) fraud as well as more generally in Risk Assessment.

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - Telecom fraud

KW - Attacker motivation

KW - Impact estimation

KW - Business value

KW - EC Grant Agreement nr.: FP7/318003

M3 - Report

T3 - CTIT Technical Report Series

BT - Modelling telecom fraud with e3value

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -

Modelling telecom fraud with e3value

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Research output

Model-Driven Information Security Risk Assessment of Socio-Technical Systems

Cite this