Title: Modeling Social-Technical Attacks

Short description: According to the recent statistics provided by US-CERT, damages and losses to financial firms
linked to managers, sales staff and other non-technical personnel cost about $800,000 per organization. The insider
problem is extremely hard to deal with because the attacker is a person with insider knowledge of the infrastructure,
and knows how to utilize holes in IT-systems. It is also hard to come up with policies that prevent insider attacks as
at some level employees are "trusted" to perform actions in a legitimate way.

At the design level, different taxonomies, architectures, and modeling languages are proposed to design systems and
software. For example, UML and SysML are prominent object-oriented modeling languages that have become today's
defacto standards for modern software and systems engineering.

This master project targets to develop a formal modeling framework for insider socio-technical attacks. First, the
candidate surveys the existing modeling and strategies of social-technical attacks.  The objective is to design a
library of attacks by using a standard modeling language. The library will help to analyze a system toward insider
attacks. Further, the framework is extensible by developing techniques to ensure the safety of the system against
insider attacks. At this stage, a formal verification technique will be proposed to check the safety inside the
infrastructure.

Contact: Dr. Samir OUCHANI (Samir.ouchani@uni.lu)