4,384 research outputs found

    Exploring rationality of self awareness in social networking for logical modeling of unintentional insiders

    Unawareness of privacy risks together with approval seeking motivations make humans enter too much detail into the likes of Facebook, Twitter, and Instagram. To test whether the rationality principle applies, we construct a tool that shows to a user what is known publicly on social networking sites about her. In our experiment, we check whether this revelation changes human behaviour. To extrapolate and generalize, we use the insights gained by practical experimentation. Unaware users can become targeted by attackers. They then become unintentional insiders. We demonstrate this by extending the Isabelle Insider framework to accommodate a formal model of unintentional insiders, an open problem with long standing.

    DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

    This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However, there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.