Traditional information security modelling approaches often focus on containment of assets within boundaries. Due to what is called de-perimeterisation, such boundaries, for example in the form of clearly separated company networks, disappear. This paper argues that in a de-perimeterised situation a focus on containment in security modelling is ineffective. Most importantly, the tree structure induced by the notion of containment is insufficient to model the interactions between digital, physical and social aspects of security. We use the sociological framework of actor-network theory to model information security starting from group membership instead of containment. The model is based on hypergraphs, and is also applicable to physical and social security measures. We provide algorithms for threat finding as well as examples.
| Name | CTIT Technical Report Series |
| Publisher | Centre for Telematics and Information Technology, University of Twente |
- Actor-Network Theory
- Threat Analysis
- security modelling