Everyone is familiar with the yellow ‘Post-it’ memos, showing login details, that are often found stuck to computer monitors. The same goes for USB sticks found in car parks. However, few grasp the real impact of such actions on an organization’s business or brand. Both may eventually lead to data theft, not as a result of any technical failure, but as a result of the vagaries of human behaviour. The TREsPASS project’s `attack navigator’ combines technical and human aspects of security to identify weak points in organizations and their infrastructure.
The tool can then help users to select the most effective countermeasures. To this end, the project combines knowledge from the technical sciences (how vulnerable are protocols and software?) and social sciences (how vulnerable are patterns of human behaviour and why?), as well as state-of-the-art industry processes and tools. Visualizing this information in a sufficiently expressive way is one of the challenges facing this project.
The four-year project entitled “Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security” (TREsPASS) pools expertise from the University of Twente with that of 16 partners. The project coordinator is Prof. Pieter Hartel of the Distributed and Embedded Security Group. Various other technical groups from the University of Twente are also involved. These include Prof. Jaco van de Pol’s Formal Methods and Tools and Prof. Roel Wieringa’s Information Systems. Professor Marianne Junger’s Social Risks and Safety Studies group will focus on the human aspects. The University of Twente’s share of the project budget is 3.3 million euros, of which 2.6 million is funded by the EU.
The University of Twente’s partners in TREsPASS are the Technical University of Denmark, Cybernetica (Estonia), GMV Spain, GMV Portugal, Royal Holloway University of London (United Kingdom), itrust Consulting (Luxembourg), Goethe University Frankfurt (Germany), IBM Research Zürich (Switzerland), Delft University of Technology (Netherlands), Hamburg University of Technology (Germany), the University of Luxembourg (Luxembourg), Aalborg University (Denmark), Consult Hyperion (UK), BizzDesign (Netherlands), Deloitte (Netherlands), and Lust (Netherlands).
The TREsPASS project is funded by the European Union, as part of the FP7 Framework Programme.
Reprinted from: University of Twente