Attacks on a system often exploit vulnerabilities that arise from human behaviour or other human activity. Attacks of this type, so-called socio-technical attacks, cover everything from social engineering to insider attacks, and they can have a devastating impact on an unprepared organisation. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker a...
Modern organisations are complex, socio-technical systems consisting of a mixture of physical infras...
This manuscript is the author version of the manuscript of the same name published in Fundamenta Inf...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
International audiencePerforming a thorough security risk assessment of an organisation has always b...
Performing a thorough security risk assessment of an organisation has always been challenging, but w...
Cyber-physical systems are processing large amounts of sensitive information, but are increasingly o...
This is the author version of the manuscript of the same name published in ACM Computing SurveysInte...
As cyber-physical systems become more and more complex, human debugging is not sufficient anymore to...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastruc...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Modern organisations are complex, socio-technical systems consisting of a mixture of physical infras...
This manuscript is the author version of the manuscript of the same name published in Fundamenta Inf...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
International audiencePerforming a thorough security risk assessment of an organisation has always b...
Performing a thorough security risk assessment of an organisation has always been challenging, but w...
Cyber-physical systems are processing large amounts of sensitive information, but are increasingly o...
This is the author version of the manuscript of the same name published in ACM Computing SurveysInte...
As cyber-physical systems become more and more complex, human debugging is not sufficient anymore to...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastruc...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Modern organisations are complex, socio-technical systems consisting of a mixture of physical infras...
This manuscript is the author version of the manuscript of the same name published in Fundamenta Inf...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...