ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs

Wolter Pieters

ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs

Wolter Pieters

Research output: Book/Report › Report › Professional

35 Downloads (Pure)

Abstract

Traditional information security modelling approaches often focus on containment of assets within boundaries. Due to what is called de-perimeterisation, such boundaries, for example in the form of clearly separated company networks, disappear. This paper argues that in a de-perimeterised situation a focus on containment in security modelling is ineffective. Most importantly, the tree structure induced by the notion of containment is insufficient to model the interactions between digital, physical and social aspects of security. We use the sociological framework of actor-network theory to model information security starting from group membership instead of containment. The model is based on hypergraphs, and is also applicable to physical and social security measures. We provide algorithms for threat finding as well as examples.

Original language	Undefined
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Number of pages	18
Publication status	Published - 2010

Publication series

Name	CTIT Technical Report Series
Publisher	Centre for Telematics and Information Technology, University of Twente
No.	TR-CTIT-10-16
ISSN (Print)	1381-3625

Keywords

Actor-Network Theory
IR-71079
Threat Analysis
security modelling
containment
METIS-276025
EWI-17809
hypergraphs
SCS-Cybersecurity

Access to Document

ANKH-submission
open

Cite this

@book{433ce1826bf74868a28b1d1d55d0b123,

title = "ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs",

abstract = "Traditional information security modelling approaches often focus on containment of assets within boundaries. Due to what is called de-perimeterisation, such boundaries, for example in the form of clearly separated company networks, disappear. This paper argues that in a de-perimeterised situation a focus on containment in security modelling is ineffective. Most importantly, the tree structure induced by the notion of containment is insufficient to model the interactions between digital, physical and social aspects of security. We use the sociological framework of actor-network theory to model information security starting from group membership instead of containment. The model is based on hypergraphs, and is also applicable to physical and social security measures. We provide algorithms for threat finding as well as examples.",

keywords = "Actor-Network Theory, IR-71079, Threat Analysis, security modelling, containment, METIS-276025, EWI-17809, hypergraphs, SCS-Cybersecurity",

author = "Wolter Pieters",

year = "2010",

language = "Undefined",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "TR-CTIT-10-16",

address = "Netherlands",

}

TY - BOOK

T1 - ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs

AU - Pieters, Wolter

PY - 2010

Y1 - 2010

N2 - Traditional information security modelling approaches often focus on containment of assets within boundaries. Due to what is called de-perimeterisation, such boundaries, for example in the form of clearly separated company networks, disappear. This paper argues that in a de-perimeterised situation a focus on containment in security modelling is ineffective. Most importantly, the tree structure induced by the notion of containment is insufficient to model the interactions between digital, physical and social aspects of security. We use the sociological framework of actor-network theory to model information security starting from group membership instead of containment. The model is based on hypergraphs, and is also applicable to physical and social security measures. We provide algorithms for threat finding as well as examples.

AB - Traditional information security modelling approaches often focus on containment of assets within boundaries. Due to what is called de-perimeterisation, such boundaries, for example in the form of clearly separated company networks, disappear. This paper argues that in a de-perimeterised situation a focus on containment in security modelling is ineffective. Most importantly, the tree structure induced by the notion of containment is insufficient to model the interactions between digital, physical and social aspects of security. We use the sociological framework of actor-network theory to model information security starting from group membership instead of containment. The model is based on hypergraphs, and is also applicable to physical and social security measures. We provide algorithms for threat finding as well as examples.

KW - Actor-Network Theory

KW - IR-71079

KW - Threat Analysis

KW - security modelling

KW - containment

KW - METIS-276025

KW - EWI-17809

KW - hypergraphs

KW - SCS-Cybersecurity

M3 - Report

T3 - CTIT Technical Report Series

BT - ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -