Security analysis of socio-technical physical systems

Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir

doi:10.1016/j.compeleceng.2015.02.019

Cited by 18 publications

(19 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it is challenging to prove through derivation of formulae. We thus simulated them by using PRISM [ 16,24], a useful probabilistic model checker that is widely used for modeling and verification of issues such as contract signing and analysis of anonymity [25,26,37,38,34]. PRISM has been evaluated in [12].…”

Section: Simulations and Resultsmentioning

confidence: 99%

Randomness invalidates criminal smart contracts

Wang

Bracciali

et al. 2019

Information Sciences

View full text Add to dashboard Cite

show abstract

Section: Simulations and Resultsmentioning

confidence: 99%

Randomness invalidates criminal smart contracts

Wang

Bracciali

et al. 2019

Information Sciences

View full text Add to dashboard Cite

show abstract

“…Indeed, it is impossible to model all security-relevant devices, protocols and behaviours in a single model. Typically, socio-technical models look at capturing organisational infrastructure (e.g., [10], [16], [18], [12]), but sometimes they can focus only on some aspects of human-computer interactions (e.g., [19], [6]).…”

Section: Socio-technical Models Versus Attack-defence Modelsmentioning

confidence: 99%

“…In [12] the authors work on directly applying model checking to a sociotechnical model in order to evaluate some reachability-based security properties.…”

Section: Related Workmentioning

confidence: 99%

How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Gadyatskaya

2016

Graphical Models for Security

View full text Add to dashboard Cite

Abstract. Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the sociotechnical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself. Full version of this paper has appeared in GraMSec 2015, to be published by Springer.

show abstract

“…Lenzini et al [15] provide a modelling formalism to support planning around whether and how a malicious party can gain unauthorised access to resources in a complex physical location. The modelling approach the authors describe allows definition of people and objects within the locations that are being considered.…”

Section: Related Workmentioning

confidence: 99%

Case study

Caulfield

Parkin

2016

Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

We investigate a planned physical security intervention at a partner organisation site, to determine the potential individual cost of security upon employees when replacing a secure door with a turnstile. Systems modelling techniques are applied to model the lobby area of the site, and to guide data collection to situate the model. Managers at the site were consulted during preference elicitation to identify meaningful model parameters. Direct observation of regular employee behaviours from pre-recorded CCTV footage provided localised data: 1800 sequences of behaviour events were logged over one working day for approximately 600 employees and visitors. This included responses to security events, such as returning to the card reader or moving to a different turnstile. Model results showed that if one turnstile was implemented at the observed site, an average of 0.5 seconds would be added to individual entry times for employees, amounting to over sixty hours for the site as a whole over a year. Three turnstiles approach the time cost of a secure door. CCS CONCEPTS• Security and privacy → Formal security models; Economics of security and privacy; Usability in security and privacy;

show abstract

Security analysis of socio-technical physical systems

Cited by 18 publications

References 15 publications

Randomness invalidates criminal smart contracts

Randomness invalidates criminal smart contracts

How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Case study

Contact Info

Product

Resources

About