Volume 3 - Issue 3 - 4
Externalizing Behaviour for Analysing System Models
- Marieta Georgieva Ivanova
Technical University of Denmark, Denmark
mgiv@dtu.dk
- Christian W. Probst
Technical University of Denmark, Denmark
cwpr@dtu.dk
- Rene Rydhof Hansen
Aalborg University, Denmark
rrh@cs.aau.dk
- Florian Kammuller
Middlesex University, UK
F.Kammueller@mdx.ac.uk
Keywords: system models, static analysis, human behaviour
Abstract
System models have recently been introduced to model organisations and evaluate their vulnerability
to threats and especially insider threats. Especially for the latter these models are very suitable, since
insiders can be assumed to have more knowledge about the attacked organisation than outside attack-
ers. Therefore, many attacks are considerably easier to be performed for insiders than for outsiders.
However, current models do not support explicit specification of different behaviours. Instead, be-
haviour is deeply embedded in the analyses supported by the models, meaning that it is a complex,
if not impossible task to change behaviours. Especially when considering social engineering or the
human factor in general, the ability to use different kinds of behaviours is essential. In this work we
present an approach to make the behaviour a separate component in system models, and explore how
to integrate in existing models.