Socio-Technical Physical Systems; Modelling Security and Policies
Résumé :
[en] A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats.
We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds.
Disciplines :
Sciences informatiques
Auteur, co-auteur :
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
MAUW, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
OUCHANI, Samir ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Date de publication/diffusion :
2016
Nom de la manifestation :
12th International Workshop on Security and Trust Management
Lieu de la manifestation :
Heraklion, Grèce
Date de la manifestation :
from 26-09-2016 to 27-09-2016
Manifestation à portée :
International
Titre de l'ouvrage principal :
Security and Trust Management - STM 2016
Editeur scientifique :
Barthe, Gilles
Markatos, Evangelos
Maison d'édition :
Springer-Verlag
Peer reviewed :
Peer reviewed
Focus Area :
Computational Sciences
Projet européen :
FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
Projet FnR :
FNR1183245 - Socio-technical Analysis Of Security And Trust, 2011 (01/05/2012-30/04/2015) - Peter Y. A. Ryan
Cremers, C., Mauw, S.: Operational Semantics and Verification of Security Protocols. Information Security and Cryptography. Springer, Heidelberg (2012)
Baxter, G., Sommerville, I.: Socio-technical systems: from design methods to systems engineering. Interact. Comput. 23 (1), 4–17 (2011)
De Nicola, R., Ferrari, G.L., Pugliese, R.: KLAIM: a kernel language for agents interaction and mobility. IEEE Trans. Softw. Eng. 24 (5), 315–330 (1998)
Meadows, C., Pavlovic, D.: Formalizing physical security procedures. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 193–208. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38004-4_13
Sommestad, T., Ekstedt, M., Holm, H.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7 (3), 363–373 (2013)
Dimkov, T., Pieters, W., Hartel, P.: Portunes: representing attack scenarios spanning through the physical, digital and social domain. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 112–129. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16074-5_9
Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: The First ACM Conference on Data and Application Security and Privacy, CODASPY 2011, pp. 191–202 (2011)
Jaume, M.: Semantic comparison of security policies: from access control policies to flow properties. In: IEEE Symposium on Security and Privacy, pp. 60–67 (2012)
Ranise, S., Traverso, R.: ALPS: an action language for policy specification and automated safety analysis. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 146–161. Springer, Heidelberg (2014)
Tschantz, M.C., Datta, A., Wing, J.M.: Formalizing and enforcing purpose restrictions in privacy policies. In: IEEE Symposium on Security and Privacy, pp. 176–190 (2012)
Hartel, P., Eck, P., Etalle, S., Wieringa, R.: Modelling mobility aspects of security policies. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 172–191. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30569-9_9
Ch, B., Katoen, J.-P.: Principles of Model Checking. MIT Press, Cambridge (2008)
