'Attack navigator' protects against weak spots in security
Human behaviour key in protecting information assets
7 November 2012
An information infrastructure may be protected by the best technical means possible, but in the end it is often human behaviour that leads to unwanted intrusion or to the theft of information. By themselves, technical solutions will not solve these problems. That’s why universities and companies all over Europe are getting involved in the TREsPASS project, which makes specific allowance for the human dimension. The aim is to develop a smart ‘attack navigator’, which will trace potential weak points within an organization or a given infrastructure. The four year, 13.5 million euro project, which is being led by the University of Twente in the Netherlands, starts with a kick-off meeting on 5 and 6 November.
Everyone is familiar with the yellow ‘Post-it’ memos, showing login details, that are often found stuck to computer monitors. The same goes for USB sticks found in car parks. However, few grasp the real impact of such actions on an organization’s business or brand. Both may eventually lead to data theft, not as a result of any technical failure, but as a result of the vagaries of human behaviour. The TREsPASS project’s `attack navigator’ combines technical and human aspects of security to identify weak points in organizations and their infrastructure. The tool can then help users to select the most effective countermeasures. To this end, the project combines knowledge from the technical sciences (how vulnerable are protocols and software?) and social sciences (how vulnerable are patterns of human behaviour and why?), as well as state-of-the-art industry processes and tools. Visualizing this information in a sufficiently expressive way is one of the challenges facing this project.
University of Twente
The four-year project entitled “Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security” (TREsPASS) pools expertise from the University of Twente with that of 16 partners. The project coordinator is Prof. Pieter Hartel of the Distributed and Embedded Security Group. This group is part of the research institute CTIT of the University of Twente. Various other CTIT groups from the University of Twente are also involved. These include Prof. Jaco van de Pol's Formal Methods and Tools and Prof. Roel Wieringa's Information Systems. Professor Marianne Junger's Social Risks and Safety Studies group will focus on the human aspects. Her group is part of UT’s research institute IGS. The University of Twente's share of the project budget is 3.3 million euros, of which 2.6 million is funded by the EU.
The University of Twente's partners in TREsPASS are the Technical University of Denmark, Cybernetica (Estonia), GMV Spain, GMV Portugal, Royal Holloway University of London (United Kingdom), itrust Consulting (Luxembourg), Goethe University Frankfurt (Germany), IBM Research Zürich (Switzerland), Delft University of Technology (Netherlands), Hamburg University of Technology (Germany), the University of Luxembourg (Luxembourg), Aalborg University (Denmark), Consult Hyperion (UK), BizzDesign (Netherlands), Deloitte (Netherlands), and Lust (Netherlands).
8 million euros grant for CTIT research
It concerns the following projects:
- Global Online Science Labs for Inquiry Learning at School (GO-LAB)
Go to the website of research institute CTIT for more information.