Modelling and Analysing Socio-Technical Systems

Zaruhi Aslanyan, Marieta Georgieva Ivanova, Flemming Nielson, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

262 Downloads (Pure)

Abstract

Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An in-creasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.

We demonstrate our approach on a home-payment system. The system is specifically designed to help elderly or disabled people, who may have difficulties leaving their home, to pay for some services, e.g., care-taking or rent. The payment is performed using the remote control of a television box with a con-tactless payment card (see Figure 1). When a transfer is initiated, a password is needed in order to authenticate the owner of the card.
Original languageEnglish
Title of host publicationProceedings of the 1st International Workshop on Socio-Technical Perspective in IS Development (STPIS'15)
EditorsStewart Kowalski, Peter Bednar, Ilia Bider
Publication date2015
Pages121-124
Publication statusPublished - 2015
Event1st International Workshop on Socio-Technical Perspective in IS Development (STPIS'15) - Stockholm, Sweden
Duration: 9 Jun 2015 → …
Conference number: 1
http://stpis2015.blogs.dsv.su.se/

Workshop

Workshop1st International Workshop on Socio-Technical Perspective in IS Development (STPIS'15)
Number1
Country/TerritorySweden
CityStockholm
Period09/06/2015 → …
OtherCo-located with the 27th International Conference on Advanced Information Systems Engineering (CAiSE 2015)
Internet address
SeriesCEUR Workshop Proceedings
Numberurn:nbn:de:0074-1374-8
Volume1374
ISSN1613-0073

Fingerprint

Dive into the research topics of 'Modelling and Analysing Socio-Technical Systems'. Together they form a unique fingerprint.

Cite this