On the inability of existing security models to cope with data mobility in dynamic organizations

T. Dimkov, Qiang Tang, Pieter H. Hartel

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

    22 Downloads (Pure)

    Abstract

    Modeling tools play an important role in identifying threats in traditional IT systems, where the physical infrastructure and roles are assumed to be static. In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the loss of reputation. We show that current modeling tools are not powerful enough to help the designer identify the emerging threats due to mobility of data and change of roles, because they do not include the mobility of IT systems nor the organizational dynamics in the security model. Researchers have proposed security models that particularly focus on data mobility and the dynamics of modern organizations, such as frequent role changes of a person. We show that none of the current security models simultaneously considers the data mobility and organizational dynamics to a satisfactory extent. As a result, none of the current security models effectively identifies the potential security threats caused by data mobility in a dynamic organization.
    Original languageUndefined
    Title of host publicationProceedings of the Workshop on Modeling Security (MODSEC08)
    EditorsJon Whittle, Jan Jürjens, Bashar Nuseibeh, Glen Dobson
    Place of PublicationAachen
    PublisherCEUR
    Pages18
    Publication statusPublished - 3 Sep 2008
    EventWorkshop on Modeling Security, MODSEC 2008 - Toulouse, France
    Duration: 28 Sep 200828 Sep 2008

    Publication series

    NameCEUR Workshop Proceedings
    PublisherCEUR
    Number2
    Volume413
    ISSN (Print)1613-0073

    Workshop

    WorkshopWorkshop on Modeling Security, MODSEC 2008
    Period28/09/0828/09/08
    Other28 Sep 2008

    Keywords

    • EWI-13429
    • METIS-254889
    • IR-64979
    • SCS-Cybersecurity

    Cite this