Invalidating policies using structural information

Florian Kammüller, Christian W. Probst

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    21 Citations (Scopus)
    4 Downloads (Pure)

    Abstract

    Insider threats are a major threat to many organisations. Even worse, insider attacks are usually hard to detect, especially if an attack is based on actions that the attacker has the right to perform. In this paper we present a step towards detecting the risk for this kind of attacks by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies.
    Original languageEnglish
    Title of host publicationIEEE Security and Privacy Workshops (SPW 2013)
    Place of PublicationLos Alamitos, CA, USA
    PublisherIEEE Computer Society
    Pages76-81
    Number of pages6
    ISBN (Print)978-1-4799-0458-7
    DOIs
    Publication statusPublished - May 2013
    EventIEEE Security and Privacy Workshops, SPW 2013 - San Francisco, United States
    Duration: 23 May 201324 May 2013

    Workshop

    WorkshopIEEE Security and Privacy Workshops, SPW 2013
    CountryUnited States
    CitySan Francisco
    Period23/05/1324/05/13

    Fingerprint

    Access control
    Control systems

    Keywords

    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003
    • Policies
    • Insider threats
    • Formal methods

    Cite this

    Kammüller, F., & Probst, C. W. (2013). Invalidating policies using structural information. In IEEE Security and Privacy Workshops (SPW 2013) (pp. 76-81). Los Alamitos, CA, USA: IEEE Computer Society. https://doi.org/10.1109/SPW.2013.36
    Kammüller, Florian ; Probst, Christian W. / Invalidating policies using structural information. IEEE Security and Privacy Workshops (SPW 2013). Los Alamitos, CA, USA : IEEE Computer Society, 2013. pp. 76-81
    @inproceedings{2431952a410d46488104edd60c446fd4,
    title = "Invalidating policies using structural information",
    abstract = "Insider threats are a major threat to many organisations. Even worse, insider attacks are usually hard to detect, especially if an attack is based on actions that the attacker has the right to perform. In this paper we present a step towards detecting the risk for this kind of attacks by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies.",
    keywords = "EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003, Policies, Insider threats, Formal methods",
    author = "Florian Kamm{\"u}ller and Probst, {Christian W.}",
    year = "2013",
    month = "5",
    doi = "10.1109/SPW.2013.36",
    language = "English",
    isbn = "978-1-4799-0458-7",
    pages = "76--81",
    booktitle = "IEEE Security and Privacy Workshops (SPW 2013)",
    publisher = "IEEE Computer Society",
    address = "United States",

    }

    Kammüller, F & Probst, CW 2013, Invalidating policies using structural information. in IEEE Security and Privacy Workshops (SPW 2013). IEEE Computer Society, Los Alamitos, CA, USA, pp. 76-81, IEEE Security and Privacy Workshops, SPW 2013, San Francisco, United States, 23/05/13. https://doi.org/10.1109/SPW.2013.36

    Invalidating policies using structural information. / Kammüller, Florian; Probst, Christian W.

    IEEE Security and Privacy Workshops (SPW 2013). Los Alamitos, CA, USA : IEEE Computer Society, 2013. p. 76-81.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - Invalidating policies using structural information

    AU - Kammüller, Florian

    AU - Probst, Christian W.

    PY - 2013/5

    Y1 - 2013/5

    N2 - Insider threats are a major threat to many organisations. Even worse, insider attacks are usually hard to detect, especially if an attack is based on actions that the attacker has the right to perform. In this paper we present a step towards detecting the risk for this kind of attacks by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies.

    AB - Insider threats are a major threat to many organisations. Even worse, insider attacks are usually hard to detect, especially if an attack is based on actions that the attacker has the right to perform. In this paper we present a step towards detecting the risk for this kind of attacks by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies.

    KW - EC Grant Agreement nr.: FP7/2007-2013

    KW - EC Grant Agreement nr.: FP7/318003

    KW - Policies

    KW - Insider threats

    KW - Formal methods

    U2 - 10.1109/SPW.2013.36

    DO - 10.1109/SPW.2013.36

    M3 - Conference contribution

    SN - 978-1-4799-0458-7

    SP - 76

    EP - 81

    BT - IEEE Security and Privacy Workshops (SPW 2013)

    PB - IEEE Computer Society

    CY - Los Alamitos, CA, USA

    ER -

    Kammüller F, Probst CW. Invalidating policies using structural information. In IEEE Security and Privacy Workshops (SPW 2013). Los Alamitos, CA, USA: IEEE Computer Society. 2013. p. 76-81 https://doi.org/10.1109/SPW.2013.36