Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/34529' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/34529' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Analysis of Social Engineering Threats with Attack Graphs | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Analysis of Social Engineering Threats with Attack Graphs

Social engineering is the acquisition of information about computer systems through non-technical means. While technical security of most critical systems  is  high,  these  systems  remain  vulnerable  to  attacks  from  social  engineers. Social engineering is a technique that: (a) does not require any (advanced) technical tools, (b) can be used by anyone, (c) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and propose a simple  quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy


The 3rd International Workshop on Quantitative Aspects in Security Assurance, Wroclow, 2014

External authors: Kristian Beckers (University of Duisburg)
IIT authors:

Leanid Krautsevich

Foto di Leanid Krautsevich

Type: Article in proceedings of international peer-reviewed conference
Field of reference: Computer Science & Engineering

Activity: Metodi formali per la sicurezza di sistemi ICT