Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

T. Dimkov, Wolter Pieters, Pieter H. Hartel

    Research output: Book/ReportReportProfessional

    37 Downloads (Pure)

    Abstract

    The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages17
    Publication statusPublished - 24 Apr 2009

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.TR-CTIT-09-15
    ISSN (Print)1381-3625

    Keywords

    • EWI-15308
    • SCS-Cybersecurity
    • physical security
    • METIS-263827
    • Insider Threat
    • IR-65473
    • security awareness
    • security model

    Cite this