On the inability of existing security models to cope with data mobility in dynamic organizations


Dimkov, Trajce and Tang, Qiang and Hartel, Pieter (2008) On the inability of existing security models to cope with data mobility in dynamic organizations. In: Workshop on Modeling Security, MODSEC 2008, 28 Sep 2008, Toulouse, France (pp. pp. 1-13).

open access
Abstract:Modeling tools play an important role in identifying threats in traditional
IT systems, where the physical infrastructure and roles are assumed
to be static. In dynamic organizations, the mobility of data outside the
organizational perimeter causes an increased level of threats such as the
loss of confidential data and the loss of reputation. We show that current
modeling tools are not powerful enough to help the designer identify the
emerging threats due to mobility of data and change of roles, because they
do not include the mobility of IT systems nor the organizational dynamics
in the security model. Researchers have proposed security models that
particularly focus on data mobility and the dynamics of modern organizations,
such as frequent role changes of a person. We show that none
of the current security models simultaneously considers the data mobility
and organizational dynamics to a satisfactory extent. As a result, none
of the current security models effectively identifies the potential security
threats caused by data mobility in a dynamic organization.
Item Type:Conference or Workshop Item
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/64979
Official URL:http://ftp.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-413/paper18.pdf
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page

Metis ID: 254889