Using the architecture of Socio-Technical System to analyse its vulnerability

International audienceToday, most complex and large systems, such as healthcare systems, integrate the physical and human aspects of computing and networking. They constitute a system of systems with a socio-technical part. The human element is nowadays one of the most important attack vectors in the context of systems of systems (SoS). In this context, the estimation of the impact of human vulnerability on these systems enables for a more secure design and for an integration of the system development cycle with security concerns. This approach is known as “security by design”. To improve the resilience of these SoS with respect to the vulnerability that humans bring, it is necessary to be able to estimate the impact that an individual can have on the system. In this article, we present an approach that enables to assess the impact of human vulnerability on a SoS composed of humans, which in this case will be a social technical system (STS). We propose to use behavioral models to model the propagation of a human vulnerability in a STS. We propose to use different models in order to capture the plurality of attacks on STS