KLAIM: A Kernel Language for Agents Interaction and Mobility
IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Privilege Graph: an Extension to the Typed Access Matrix Model
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Flow logic: a multi-paradigmatic approach to static analysis
The essence of computation
Towards a Theory of Insider Threat Assessment
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
An extensible analysable system model
Information Security Tech. Report
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Portunes: representing attack scenarios spanning through the physical, digital and social domain
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Flow Logic for Process Calculi
ACM Computing Surveys (CSUR)
Obligations to enforce prohibitions: on the adequacy of security policies
Proceedings of the 6th International Conference on Security of Information and Networks
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
Hi-index | 0.00 |
By definition an insider has better access, is more trusted, and has better information about internal procedures, high-value targets, and potential weak spots in the security, than an outsider. Consequently, an insider attack has the potential to cause significant, even catastrophic, damage to the targeted organisation. While the problem is well recognised in the security community as well as in law-enforcement and intelligence communities, the main resort still is to audit log files after the fact. There has been little research into developing models, automated tools, and techniques for analysing and solving (parts of) the problem. In this paper we first develop a formal model of systems, that can describe real-world scenarios. These high-level models are then mapped to acKlaim, a process algebra with support for access control, that is used to study and analyse properties of the modelled systems. Our analysis of processes identifies which actions may be performed by whom, at which locations, accessing which data. This allows to compute a superset of audit results--before an incident occurs.