Development of methodical social engineering taxonomy project

Laribee, Lena

Development of methodical social engineering taxonomy project

Files

06Jun_Laribee.pdf (266.17 KB)

Authors

Laribee, Lena

Advisors

Martell, Craig H.

Rowe, Neil C.

Date of Issue

2006-06

Publisher

Monterey, California. Naval Postgraduate School

Abstract

Since security is based on trust in authenticity as well as trust in protection, the weakest link in the security chain is often between the keyboard and chair. We have a natural human willingness to accept someone at his or her word. Attacking computer systems via information gained from social interactions is a form of social engineering. Attackers know how much easier it is to trick insiders instead of targeting the complex technological protections of systems. In an effort to formalize social engineering, we are building two models: Trust and Attack. Because social-engineering attacks are complex and typically require multiple visits and targets, these two models can be applied, individually or together, at various times to each individual attack goal.

Type

Thesis

URI

https://hdl.handle.net/10945/2734

Organization

Naval Postgraduate School (U.S.)

Format

xiv, 53 p. : col. ill. ;

Distribution Statement

Approved for public release; distribution is unlimited.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, is not copyrighted in the U.S.

Collections

Theses

Full item page

Naval Postgraduate School

Dudley Knox Library