Portunes: analyzing multi-domain insider threats

    Research output: Book/Report › Report › Professional

    Abstract

    The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.
    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 36
    Publication status: Published - Nov 2010

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: TR-CTIT-10-39
    ISSN (Print): 1381-3625

    Keywords

    • METIS-270931
    • Insider Threat
    • EWI-18189
    • security model
    • security awareness
    • physical security
    • SCS-Cybersecurity
    • IR-74325

    Cite this

    Dimkov, T., Pieters, W., & Hartel, P. H. (2010). Portunes: analyzing multi-domain insider threats. (CTIT Technical Report Series; No. TR-CTIT-10-39). Enschede: Centre for Telematics and Information Technology (CTIT).