Formal Modelling and Analysis of Socio-Technical Systems

Semantics, Logics, and Calculi

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9560)

Abstract

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we discuss several approaches to formalising socio-technical systems and their analysis. Starting from a flow logic-based analysis of the insider threat, we discuss how to include the socio aspects explicitly, and show a formalisation that proves properties of this formalisation. On the formal side, our work closes the gap between formal and informal approaches to socio-technical systems. On the informal side, we show how to steal a birthday cake from a bakery by social engineering.

Notes

  1. To simplify treatment we assume the bakery to be high-tech. A different approach would have been to model the baking process at the baker or the bakery, requiring the recipe as input.

Acknowledgments

Part of the research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 318003 (TRE\(_\mathrm {S}\)PASS). This publication reflects only the authors’ views and the Union is not liable for any use that may be made of the information contained herein.

Corresponding author

Correspondence to Christian W. Probst.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Probst, C.W., Kammüller, F., Hansen, R.R. (2016). Formal Modelling and Analysis of Socio-Technical Systems. In: Probst, C., Hankin, C., Hansen, R. (eds) Semantics, Logics, and Calculi. Lecture Notes in Computer Science, vol 9560. Springer, Cham. https://doi.org/10.1007/978-3-319-27810-0_3

  • DOI: https://doi.org/10.1007/978-3-319-27810-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27809-4

  • Online ISBN: 978-3-319-27810-0

  • eBook Packages: Computer Science, Computer Science (R0)
