Formal Modelling and Analysis of Socio-Technical Systems

• Published in: Semantics, Logics, and Calculi Vol. 9560; pp. 54 - 73
• Main Authors: Probst, Christian W., Kammüller, Florian, Hansen, René Rydhof
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 01.01.2016; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Attack Tree Generation; Birthday Cake; Computer programming / software development; Information retrieval; Social Engineers; Socio-technical Systems; Software Engineering; Tuple Space
• ISBN: 9783319278094; 3319278096
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-27810-0_3

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we discuss several approaches to formalising socio-technical systems and their analysis. Starting from a flow logic-based analysis of the insider threat, we discuss how to include the socio aspects explicitly, and show a formalisation that proves properties of this formalisation. On the formal side, our work closes the gap between formal and informal approaches to socio-technical systems. On the informal side, we show how to steal a birthday cake from a bakery by social engineering.