Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain
Abstract: The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness.
An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means.
This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Link to this item: http://purl.utwente.nl/publications/65473