3 research outputs found
Modelling Social-Technical Attacks with Timed Automata
Attacks on a system often exploit vulnerabilities that arise from human behaviour or other human activity. Attacks of this type, so-called socio-technical attacks, cover everything from social engineering to insider attacks, and they can have a devastating impact on an unprepared organisation. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker and victim. Using timed automata also allows for intuitive modelling of systems, in which quantities like time and cost can be easily added and analysed
Natural Strategic Abilities in Voting Protocols
Security properties are often focused on the technological side of the
system. One implicitly assumes that the users will behave in the right way to
preserve the property at hand. In real life, this cannot be taken for granted.
In particular, security mechanisms that are difficult and costly to use are
often ignored by the users, and do not really defend the system against
possible attacks.
Here, we propose a graded notion of security based on the complexity of the
user's strategic behavior. More precisely, we suggest that the level to which a
security property is satisfied can be defined in terms of (a) the
complexity of the strategy that the voter needs to execute to make
true, and (b) the resources that the user must employ on the way. The simpler
and cheaper to obtain , the higher the degree of security.
We demonstrate how the idea works in a case study based on an electronic
voting scenario. To this end, we model the vVote implementation of the \Pret
voting protocol for coercion-resistant and voter-verifiable elections. Then, we
identify "natural" strategies for the voter to obtain receipt-freeness, and
measure the voter's effort that they require. We also look at how hard it is
for the coercer to compromise the election through a randomization attack