Portunes: analyzing multi-domain insider threats

Research output: Book/ReportReportProfessional

29 Downloads (Pure)

Abstract

The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.
Original languageUndefined
Place of PublicationEnschede
PublisherCentre for Telematics and Information Technology (CTIT)
Number of pages36
Publication statusPublished - Nov 2010

Publication series

NameCTIT Technical Report Series
PublisherCentre for Telematics and Information Technology, University of Twente
No.TR-CTIT-10-39
ISSN (Print)1381-3625

Keywords

  • METIS-270931
  • Insider Threat
  • EWI-18189
  • security model
  • security awareness
  • physical security
  • SCS-Cybersecurity
  • IR-74325

Cite this

Dimkov, T., Pieters, W., & Hartel, P. H. (2010). Portunes: analyzing multi-domain insider threats. (CTIT Technical Report Series; No. TR-CTIT-10-39). Enschede: Centre for Telematics and Information Technology (CTIT).
Dimkov, T. ; Pieters, Wolter ; Hartel, Pieter H. / Portunes: analyzing multi-domain insider threats. Enschede : Centre for Telematics and Information Technology (CTIT), 2010. 36 p. (CTIT Technical Report Series; TR-CTIT-10-39).
@book{5901e04e10c848e1824a9aecb313fe8b,
title = "Portunes: analyzing multi-domain insider threats",
abstract = "The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.",
keywords = "METIS-270931, Insider Threat, EWI-18189, security model, security awareness, physical security, SCS-Cybersecurity, IR-74325",
author = "T. Dimkov and Wolter Pieters and Hartel, {Pieter H.}",
year = "2010",
month = "11",
language = "Undefined",
series = "CTIT Technical Report Series",
publisher = "Centre for Telematics and Information Technology (CTIT)",
number = "TR-CTIT-10-39",
address = "Netherlands",

}

Dimkov, T, Pieters, W & Hartel, PH 2010, Portunes: analyzing multi-domain insider threats. CTIT Technical Report Series, no. TR-CTIT-10-39, Centre for Telematics and Information Technology (CTIT), Enschede.

Portunes: analyzing multi-domain insider threats. / Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

Enschede : Centre for Telematics and Information Technology (CTIT), 2010. 36 p. (CTIT Technical Report Series; No. TR-CTIT-10-39).

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - Portunes: analyzing multi-domain insider threats

AU - Dimkov, T.

AU - Pieters, Wolter

AU - Hartel, Pieter H.

PY - 2010/11

Y1 - 2010/11

N2 - The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.

AB - The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties.

KW - METIS-270931

KW - Insider Threat

KW - EWI-18189

KW - security model

KW - security awareness

KW - physical security

KW - SCS-Cybersecurity

KW - IR-74325

M3 - Report

T3 - CTIT Technical Report Series

BT - Portunes: analyzing multi-domain insider threats

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -

Dimkov T, Pieters W, Hartel PH. Portunes: analyzing multi-domain insider threats. Enschede: Centre for Telematics and Information Technology (CTIT), 2010. 36 p. (CTIT Technical Report Series; TR-CTIT-10-39).