This paper presents a principled approach to one of the many little-studied aspects of computer security that relate to human behavior. The advantages of involving users, who usually have strong analytic ability to detect violations and threats but are not primarily responsible for security, have been well emphasized in the literature. In this work we propose a reinforcement framework for enabling collaborative monitoring of policy violations by the users. We define a payoff model to formalize the reinforcement framework. The model stipulates appropriate payoffs as reward, punishment, and community price according to the users' reporting of genuine or false violations, non-reporting of detected violations, and proactive reporting of vulnerabilities and threats. We define a probabilistic robustness property of the resulting system and constraints for the economic feasibility of the payoffs. To estimate the parameters in the payoff model, system and user behaviors are modeled as probabilistic finite state machines (PFSMs), and the likelihood of the success of the model is specified using Probabilistic Computation Tree Logic (PCTL). Automated quantitative analysis based on the PRISM model checker elicits the process of estimating the various parameters in the model using PFSMs and PCTL formulas.