Portunes: representing attack scenarios spanning through the physical, digital and social domain

Authors:
Trajce Dimkov;Wolter Pieters;Pieter Hartel
Affiliations:
Distributed and Embedded Security Group, University of Twente, The Netherlands;Distributed and Embedded Security Group, University of Twente, The Netherlands;Distributed and Embedded Security Group, University of Twente, The Netherlands
Venue:
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Year:
2010

Citing 4
Cited 4

KLAIM: A Kernel Language for Agents Interaction and Mobility

IEEE Transactions on Software Engineering
An infrastructure language for open nets

Proceedings of the 2002 ACM symposium on Applied computing
Resource access and mobility control with dynamic privileges acquisition

ICALP'03 Proceedings of the 30th international conference on Automata, languages and programming
Where can an insider attack?

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust

Effectiveness of Physical, Social and Digital Mechanisms against Laptop Theft in Open Organizations

GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Benefits of Location-Based Access Control: A Literature Study

GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Reducing normative conflicts in information security

Proceedings of the 2011 workshop on New security paradigms workshop
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability

Proceedings of the 2012 workshop on New security paradigms

Quantified Score

Hi-index	0.00

Visualization

Abstract

The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital and social means. A systematic analysis of such attacks requires the whole environment where the insider operates to be formally represented. This paper presents Portunes, a framework which integrates all three security domains in a single environment. Portunes consists of a high-level abstraction model focusing on the relations between the three security domains and a lower abstraction level language able to represent the model and describe attacks which span the three security domains. Using the Portunes framework, we are able to represent a whole new family of attacks where the insider is not assumed to use purely digital actions to achieve a malicious goal.