Externalizing Behaviour for Analysing System Models

Marieta Georgieva Ivanova; Christian W. Probst; René Rydhof Hansen; Florian Kammuller

Externalizing Behaviour for Analysing System Models

Marieta Georgieva Ivanova
, Christian W. Probst
, René Rydhof Hansen
, Florian Kammuller

Department of Applied Mathematics and Computer Science

Research output: Contribution to journal › Journal article › Research › peer-review

230 Downloads (Orbit)

Abstract

System models have recently been introduced to model organisations and evaluate their vulnerability to threats and especially insider threats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, many attacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

Original language	English
Journal	Journal of Internet Services and Information Security
Volume	3
Issue number	3/4
Pages (from-to)	52-62
ISSN	2182-2069
Publication status	Published - 2013

Keywords

system models
static analysis
human behaviour

Access to Document

Jisis 2013 vol3 no34 05Final published version, 932 KB

OpenUrl availability

Full text

Cite this

@article{706089cba6394a3d83ea9933fcbcc2de,

title = "Externalizing Behaviour for Analysing System Models",

abstract = "System models have recently been introduced to model organisations and evaluate their vulnerability to threats and especially insider threats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, many attacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models. ",

keywords = "system models, static analysis, human behaviour",

author = "Ivanova, \{Marieta Georgieva\} and Probst, \{Christian W.\} and Hansen, \{Ren{\'e} Rydhof\} and Florian Kammuller",

year = "2013",

language = "English",

volume = "3",

pages = "52--62",

journal = "Journal of Internet Services and Information Security",

issn = "2182-2069",

publisher = "Innovative Information Science and Technology Research Group",

number = "3/4",

}

TY - JOUR

T1 - Externalizing Behaviour for Analysing System Models

AU - Ivanova, Marieta Georgieva

AU - Probst, Christian W.

AU - Hansen, René Rydhof

AU - Kammuller, Florian

PY - 2013

Y1 - 2013

N2 - System models have recently been introduced to model organisations and evaluate their vulnerability to threats and especially insider threats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, many attacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

AB - System models have recently been introduced to model organisations and evaluate their vulnerability to threats and especially insider threats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, many attacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

KW - system models

KW - static analysis

KW - human behaviour

M3 - Journal article

SN - 2182-2069

VL - 3

SP - 52

EP - 62

JO - Journal of Internet Services and Information Security

JF - Journal of Internet Services and Information Security

IS - 3/4

ER -

Externalizing Behaviour for Analysing System Models

Abstract

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this