As reported in the Description of Work document, during its first year the project concentrated its scientific efforts in giving a stable and updated definition of the base concepts. All these concepts have been developed by the deliverables *.1 of the founding work packages: WP2, WP3, WP4, WP5. In particular, the following base topics have been investigated:
• A precise definition of the modern social engineering, its area of application and its effectiveness.
• A detailed analysis of the current status of the existing tools existing on the internet, that can be used to perform SDVA-like penetration tests.
• A theoretic framework of how the attacks are actually created and which competences are needed.
• The ethical and legal challenges of performing SDVAs.
The above mentioned topics embody most of the scientific research performed in DOGANA during the first year integrating the knowledge of the whole consortium. The result is a stable and extensive picture of today’s SE, its role in cybercrime and the ethical and legal challenges ahead. The documents also benefit from the coordination with the CyberROAD project , to the definition of whose roadmap some partners of DOGANA participated (namely: CEF, CNIT, PROPRS, HMOD, Demokritos).
The ground foundations posed by the above mentioned deliverables are used to consistently develop the architecture and design guidelines and the details of all the components of the framework.
The influence of the focus on Legal and Ethics challenges on the work performed during the 1st year
One of the characteristics of DOGANA is that it embodies the ethical and legal constraints since the early stages of the project, thanks to two dedicated WPs and a specific task within the management WP. In practice, this means that DOGANA wants to ensure that the architecture and design guidelines reflect, from the start, the full range of ethical and legal constraints. This has had a major influence on the 1st year of the project, and in particular, has led to the consortium anticipating work to avoid misalignments between the technical stakeholders and the legal and ethical ones.