Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

Share/Save/Bookmark

Dimkov, T. and Pieters, W. and Hartel, P.H. (2009) Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain. [Report]

[img]
Preview
PDF
221Kb
Abstract:The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness.
An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means.
This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language.
Item Type:Report
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/65473
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page