Attack tree analysis for insider threats on the IoT using isabelle

Florian Kammüller, Jason R. C. Nurse, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in "regular" organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack trees.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security, Privacy, and Trust : 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings
EditorsTheo Tryfonas
Number of pages13
Volume9750
PublisherSpringer
Publication date2016
Pages234-246
ISBN (Print)978-3-319-39380-3
ISBN (Electronic)978-3-319-39381-0
DOIs
Publication statusPublished - 2016
Event4th International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2016): Part of HCI International 2016 - Toronto, Canada
Duration: 17 Jul 201622 Jul 2016
Conference number: 4
http://2016.hci.international/has

Conference

Conference4th International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2016)
Number4
CountryCanada
CityToronto
Period17/07/201622/07/2016
Internet address
SeriesLecture Notes in Computer Science
ISSN0302-9743

Fingerprint Dive into the research topics of 'Attack tree analysis for insider threats on the IoT using isabelle'. Together they form a unique fingerprint.

Cite this