Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

T. Dimkov; Wolter Pieters; Pieter H. Hartel

Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

T. Dimkov, Wolter Pieters, Pieter H. Hartel

Research output: Book/Report › Report › Professional

69 Downloads (Pure)

Abstract

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.

Original language	Undefined
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Number of pages	17
Publication status	Published - 24 Apr 2009

Publication series

Name	CTIT Technical Report Series
Publisher	Centre for Telematics and Information Technology, University of Twente
No.	TR-CTIT-09-15
ISSN (Print)	1381-3625

Keywords

EWI-15308
SCS-Cybersecurity
physical security
METIS-263827
Insider Threat
IR-65473
security awareness
security model

Access to Document

Cite this

@book{d3d4654abed3442ba5ba68b7ecd98f4a,

title = "Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain",

abstract = "The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.",

keywords = "EWI-15308, SCS-Cybersecurity, physical security, METIS-263827, Insider Threat, IR-65473, security awareness, security model",

author = "T. Dimkov and Wolter Pieters and Hartel, {Pieter H.}",

year = "2009",

month = apr,

day = "24",

language = "Undefined",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "TR-CTIT-09-15",

address = "Netherlands",

}

TY - BOOK

T1 - Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

AU - Dimkov, T.

AU - Pieters, Wolter

AU - Hartel, Pieter H.

PY - 2009/4/24

Y1 - 2009/4/24

N2 - The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.

AB - The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.

KW - EWI-15308

KW - SCS-Cybersecurity

KW - physical security

KW - METIS-263827

KW - Insider Threat

KW - IR-65473

KW - security awareness

KW - security model

M3 - Report

T3 - CTIT Technical Report Series

BT - Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -