Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

Florian Kammüller, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

18 Citations (Scopus)
8 Downloads (Pure)

Abstract

In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.
Original languageEnglish
Title of host publicationIEEE Security and Privacy Workshops (SPW)
Place of PublicationPiscataway, NJ, USA
PublisherIEEE Computer Society
Pages229-235
Number of pages7
ISBN (Print)9781479951031
DOIs
Publication statusPublished - May 2014

Fingerprint

Data structures
Specifications

Keywords

  • EC Grant Agreement nr.: FP7/2007-2013
  • EC Grant Agreement nr.: FP7/318003

Cite this

Kammüller, F., & Probst, C. W. (2014). Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. In IEEE Security and Privacy Workshops (SPW) (pp. 229-235). Piscataway, NJ, USA: IEEE Computer Society. https://doi.org/10.1109/SPW.2014.45
Kammüller, Florian ; Probst, Christian W. / Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. IEEE Security and Privacy Workshops (SPW). Piscataway, NJ, USA : IEEE Computer Society, 2014. pp. 229-235
@inproceedings{a234ac38ae7e4b8f91f3b526c26a9050,
title = "Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis",
abstract = "In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.",
keywords = "EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003",
author = "Florian Kamm{\"u}ller and Probst, {Christian W.}",
year = "2014",
month = "5",
doi = "10.1109/SPW.2014.45",
language = "English",
isbn = "9781479951031",
pages = "229--235",
booktitle = "IEEE Security and Privacy Workshops (SPW)",
publisher = "IEEE Computer Society",
address = "United States",

}

Kammüller, F & Probst, CW 2014, Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. in IEEE Security and Privacy Workshops (SPW). IEEE Computer Society, Piscataway, NJ, USA, pp. 229-235. https://doi.org/10.1109/SPW.2014.45

Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. / Kammüller, Florian; Probst, Christian W.

IEEE Security and Privacy Workshops (SPW). Piscataway, NJ, USA : IEEE Computer Society, 2014. p. 229-235.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

AU - Kammüller, Florian

AU - Probst, Christian W.

PY - 2014/5

Y1 - 2014/5

N2 - In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.

AB - In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/318003

U2 - 10.1109/SPW.2014.45

DO - 10.1109/SPW.2014.45

M3 - Conference contribution

SN - 9781479951031

SP - 229

EP - 235

BT - IEEE Security and Privacy Workshops (SPW)

PB - IEEE Computer Society

CY - Piscataway, NJ, USA

ER -

Kammüller F, Probst CW. Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. In IEEE Security and Privacy Workshops (SPW). Piscataway, NJ, USA: IEEE Computer Society. 2014. p. 229-235 https://doi.org/10.1109/SPW.2014.45