Externalizing Behaviour for Analysing System Models

Marieta Georgieva Ivanova^1*, Christian W. Probst¹, René Rydhof Hansen²,
and Florian Kammüller³

¹Technical University of Denmark, Denmark
{mgiv, cwpr}@dtu.dk

²Aalborg University, Denmark
rrh@cs.aau.dk

³Middlesex University, UK
F.Kammueller@mdx.ac.uk

Abstract
Systems models have recently been introduced to model organisationsandevaluate their vulnerability to threats and especially insiderthreats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, manyattacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models. 
 

Keywords: system models, static analysis, human behaviour

*: Corresponding author: Marieta Georgieva Ivanova 
Technical University of Denmark, DTU Compute, Building 322, Room 009, DK-2800 Lyngby, Denmark,
Tel: +45-45253734

Journal of Internet Services and Information Security (JISIS), 3(3/4): 52-62, November  2013 [pdf]