Title :
Security Analysis of Information Systems Taking into Account Social Engineering Attacks
Author :
Kotenko, Igor ; Stepashkin, Mikhail ; Doynikova, Elena
Author_Institution :
Lab. of Comput. Security Problems, St. Petersburg Inst. for Inf. & Autom., St. Petersburg, Russia
Abstract :
The paper suggests an attack trees based approach to security analysis of information systems. The approach considers both software-technical and social engineering attacks. It extends the approach to network security analysis based on software-technical attacks which was suggested earlier by the authors of this paper. The main difference is in generalizing the suggested approach for information systems and in use of different conceptions, models and frameworks related to social-engineering attacks. In particular, we define conceptions of legitimate users and control areas. Besides, social-engineering attacks and attacks that require physical access to control areas are included to the attack trees used for security analysis. The paper also describes a security analysis toolkit based on the approach suggested and experiments with it to define the security level of information system.
Keywords :
security of data; information systems; network security analysis; security analysis; social engineering attacks; software technical attacks; Access control; Analytical models; Computational modeling; Information systems; Measurement; Synthetic aperture sonar; attack trees; computer attacks; risk analysis; security analysis; security modelling;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2011 19th Euromicro International Conference on
Conference_Location :
Ayia Napa
Print_ISBN :
978-1-4244-9682-2
DOI :
10.1109/PDP.2011.62
