A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds.
|Name||Lecture notes in computer science|
|Conference||12th International Workshop on Security and Trust Management, STM 2016|
|City||Heraklion, Crete, Greece|
|Period||17/09/16 → …|
- EC Grant Agreement nr.: FP7/318003
- EC Grant Agreement nr.: FP7/2007-2013
- Socio-Technical-Physical Systems · Modelling security and policies