In recent years, the security research community has been very active in proposing different techniques and algorithms to face proliferating security vulnerabilities. However, social engineering remains an alarming threat to the most secure networks. Security administrators are certainly aware of the gravity of the human factor, whatever the strength of the technological measures. The human factor is still a notion that is difficult to pin down and a concept that is difficult to quantify. It is rarely considered in the early stages of the software development lifecycle, assuming that traditional security considerations have been taken into account. In this chapter, we discuss the added value of context as a way to deal with social engineering. Based on a case study describing a typical attack, we provide a first attempt to model this parameter.
Background On Context
This section summarizes the theoretical study of context.
The term context has been extensively defined and commented on in recent research. However, there is not yet a commonly accepted definition of context (Bazire & Brézillon, 2005). Nevertheless, a consensus is beginning to appear around “Context is what constrains a problem solving without intervening in it explicitly” (Brézillon & Pomerol, 1999). This definition suggests that context is always left implicit and tacit, and is rarely mentioned explicitly.
Key Terms in this Chapter
Security Asset: Any valuable resource protected by a computerized infrastructure.
Case-Based Reasoning: A technique that helps solve a specific problem based on similar past ones.
Human Factor: Influence of human behavior on information security.
E-Health: Electronic health is the result of the involvement of electronics in providing health services such as patient records and health plan descriptions.
Security Context: Set of information collected from the user’s environment and the application environment that is relevant to the security infrastructure of both the user and the application.
Data Mining: A set of techniques that analyze data for the sake of finding patterns and relationships.
Trust: The degree of confidence an entity has in another entity.