Back to University of Twente portal
CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison
Morali, Ayse and Zambon, Emmanuele and Etalle, Sandro and Wieringa, Roel (2010) CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison. In: 25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud", 20-23 Sep 2010, Brisbane, Australia. (In Press)
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png) | PDF Restricted to UT campus only: Request a copy 301Kb |
| Abstract: | In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case. |
| Item Type: | Conference or Workshop Item |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/71369 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page