Modelling telecom fraud with e3value
|Title||Modelling telecom fraud with e3value|
|Year of Publication||2014|
|Authors||Ionita D., Koenen S.K, Wieringa R.J|
|Keywords||attacker motivation, business value, impact estimation, Telecom fraud|
Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages from multiple providers. As such, an assumption was made that in order to fully describe the scenarios, a modelling language capable of describing value transactions between actors is required. In order to validate this assumption, a business value modelling language, e3value was selected, generic (non-misuse) business models were created and four misuse scenarios were modelled. This report showcases the models, discusses strengths and limitations encountered during modelling and draws conclusions with regard to the applicability, usability and utility of e3value models in modelling (Telecom) fraud as well as more generally in Risk Assessment.