Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we discuss several approaches to formalising socio-technical systems and their analysis. Starting from a flow logic-based analysis of the insider threat, we discuss how to include the socio aspects explicitly, and show a formalisation that proves properties of this formalisation. On the formal side, our work closes the gap between formal and informal approaches to socio-technical systems. On the informal side, we show how to steal a birthday cake from a bakery by social engineering.
| Title of host publication | Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays |
| Editors | Christian W. Probst, Chris Hankin, René Rydhof Hansen |
| Publication status | Published - 2016 |
| Series | Lecture Notes in Computer Science |
Probst, C. W., Kammüller, F., & Hansen, R. R. (2016). Formal modelling and analysis of socio-technical systems. In C. W. Probst, C. Hankin, & R. Rydhof Hansen (Eds.), Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays (pp. 54-73). Springer. Lecture Notes in Computer Science, Vol. 9560. https://doi.org/10.1007/978-3-319-27810-0_3