Where can an insider attack?

Authors:
Christian W. Probst;René Rydhof Hansen;Flemming Nielson
Affiliations:
Informatics and Mathematical Modelling, Technical University of Denmark;Department of Computer Science, University of Copenhagen;Informatics and Mathematical Modelling, Technical University of Denmark
Venue:
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Year:
2006

Citing 7
Cited 6

KLAIM: A Kernel Language for Agents Interaction and Mobility

IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security

IEEE Transactions on Software Engineering
Privilege Graph: an Extension to the Typed Access Matrix Model

ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Flow logic: a multi-paradigmatic approach to static analysis

The essence of computation
Towards a Theory of Insider Threat Assessment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Sandboxing in myKlaim

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
The insider problem revisited

NSPW '05 Proceedings of the 2005 workshop on New security paradigms

An extensible analysable system model

Information Security Tech. Report
Fluid information systems

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Portunes: representing attack scenarios spanning through the physical, digital and social domain

ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Flow Logic for Process Calculi

ACM Computing Surveys (CSUR)
Obligations to enforce prohibitions: on the adequacy of security policies

Proceedings of the 6th International Conference on Security of Information and Networks
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits

ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing

Quantified Score

Hi-index	0.00

Visualization

Abstract

By definition an insider has better access, is more trusted, and has better information about internal procedures, high-value targets, and potential weak spots in the security, than an outsider. Consequently, an insider attack has the potential to cause significant, even catastrophic, damage to the targeted organisation. While the problem is well recognised in the security community as well as in law-enforcement and intelligence communities, the main resort still is to audit log files after the fact. There has been little research into developing models, automated tools, and techniques for analysing and solving (parts of) the problem. In this paper we first develop a formal model of systems, that can describe real-world scenarios. These high-level models are then mapped to acKlaim, a process algebra with support for access control, that is used to study and analyse properties of the modelled systems. Our analysis of processes identifies which actions may be performed by whom, at which locations, accessing which data. This allows to compute a superset of audit results--before an incident occurs.