Portunes: analyzing multi-domain insider threats

T. Dimkov, Wolter Pieters, Pieter H. Hartel

    Research output: Book/ReportReportProfessional

    32 Downloads (Pure)

    Abstract

    The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages36
    Publication statusPublished - Nov 2010

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.TR-CTIT-10-39
    ISSN (Print)1381-3625

    Keywords

    • METIS-270931
    • Insider Threat
    • EWI-18189
    • security model
    • security awareness
    • physical security
    • SCS-Cybersecurity
    • IR-74325

    Cite this

    Dimkov, T., Pieters, W., & Hartel, P. H. (2010). Portunes: analyzing multi-domain insider threats. (CTIT Technical Report Series; No. TR-CTIT-10-39). Enschede: Centre for Telematics and Information Technology (CTIT).