Modeling and verification of insider threats using logical analysis

Florian Kammüller; Christian W. Probst

doi:10.1109/JSYST.2015.2453215

Modeling and verification of insider threats using logical analysis

Florian Kammüller, Christian W. Probst

Research output: Contribution to journal › Article › Academic › peer-review

20 Citations (Scopus)

23 Downloads (Pure)

Abstract

In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns of entitled independent and Ambitious Leader in our Isabelle/HOL framework.

Original language	English
Pages (from-to)	534-545
Number of pages	12
Journal	IEEE systems journal
Volume	11
Issue number	2
DOIs	https://doi.org/10.1109/JSYST.2015.2453215
Publication status	Published - 2016

Keywords

EC Grant Agreement nr.: FP7/318003
SCS-Cybersecurity
Formal modeling
EC Grant Agreement nr.: FP7/2007-2013
Automated verification
Insider threats
n/a OA procedure

Access to Document

10.1109/JSYST.2015.2453215

Cite this

@article{5c8f76c9d2db485b9f5cf7734912c5ae,

title = "Modeling and verification of insider threats using logical analysis",

abstract = "In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns of entitled independent and Ambitious Leader in our Isabelle/HOL framework.",

keywords = "EC Grant Agreement nr.: FP7/318003, SCS-Cybersecurity, Formal modeling, EC Grant Agreement nr.: FP7/2007-2013, Automated verification, Insider threats, n/a OA procedure",

author = "Florian Kamm{\"u}ller and Probst, {Christian W.}",

year = "2016",

doi = "10.1109/JSYST.2015.2453215",

language = "English",

volume = "11",

pages = "534--545",

journal = "IEEE systems journal",

issn = "1932-8184",

publisher = "IEEE",

number = "2",

}

TY - JOUR

T1 - Modeling and verification of insider threats using logical analysis

AU - Kammüller, Florian

AU - Probst, Christian W.

PY - 2016

Y1 - 2016

N2 - In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns of entitled independent and Ambitious Leader in our Isabelle/HOL framework.

AB - In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns of entitled independent and Ambitious Leader in our Isabelle/HOL framework.

KW - EC Grant Agreement nr.: FP7/318003

KW - SCS-Cybersecurity

KW - Formal modeling

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - Automated verification

KW - Insider threats

KW - n/a OA procedure

U2 - 10.1109/JSYST.2015.2453215

DO - 10.1109/JSYST.2015.2453215

M3 - Article

SN - 1932-8184

VL - 11

SP - 534

EP - 545

JO - IEEE systems journal

JF - IEEE systems journal

IS - 2

ER -

Modeling and verification of insider threats using logical analysis

Abstract

Keywords

Access to Document

Fingerprint

Cite this