Part 5: Short PapersInternational audienceAttacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attac...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Attacks on organisations today explore many different layers, including buildings infrastructure, IT...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
14 pages ; Session 4: PrivacyInternational audienceAmong the issues the information system security ...
peer reviewedAttack trees provide a systematic way of characterizing diverse system threats. Their ...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Abstract—In this paper we revisit the advances made on invalidation policies to explore attack possi...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
In this paper we revisit the advances made on invalidation policies to explore attack possibilities ...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Attacks on organisations today explore many different layers, including buildings infrastructure, IT...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
14 pages ; Session 4: PrivacyInternational audienceAmong the issues the information system security ...
peer reviewedAttack trees provide a systematic way of characterizing diverse system threats. Their ...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Abstract—In this paper we revisit the advances made on invalidation policies to explore attack possi...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
In this paper we revisit the advances made on invalidation policies to explore attack possibilities ...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Attacks on organisations today explore many different layers, including buildings infrastructure, IT...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...