Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

Florian Kammuller; Christian W. Probst

doi:10.1109/SPW.2014.45

Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

Florian Kammuller, Christian W. Probst

Department of Applied Mathematics and Computer Science

Middlesex University

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

444 Downloads (Orbit)

Abstract

In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.

Original language	English
Title of host publication	2014 IEEE Security and Privacy Workshops (SPW)
Publisher	IEEE
Publication date	2014
Pages	229-235
DOIs	https://doi.org/10.1109/SPW.2014.45
Publication status	Published - 2014
Event	2014 IEEE Security and Privacy Workshops (SPW) - The Fairmont, San Jose, California, United States Duration: 17 May 2014 → 18 May 2014 http://www.ieee-security.org/TC/SPW2014/index.html

Conference

Conference	2014 IEEE Security and Privacy Workshops (SPW)
Location	The Fairmont
Country/Territory	United States
City	San Jose, California
Period	17/05/2014 → 18/05/2014
Other	Co-located with the 35th IEEE Symposium on Security and Privacy (SP)
Internet address	http://www.ieee-security.org/TC/SPW2014/index.html

Bibliographical note

WRIT: 2nd Workshop on Research for Insider Threat: http://www.sei.cmu.edu/community/writ2014/writ2014-program.cfm

Keywords

Insider threats
policies
formal methods

Access to Document

10.1109/SPW.2014.45

KammuellerProbst MIST14 CombiningGeneratedDataModelsWithFormalInvalidationForInsiderThreatAnalysisAccepted author manuscript, 225 KB

http://www.ieee-security.org/TC/SPW2014/papers/5103a229.PDF

OpenUrl availability

Full text

Cite this

@inproceedings{1b24edc9494142db8370fe39ae6911a7,

title = "Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis",

abstract = "In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.",

keywords = "Insider threats, policies, formal methods",

author = "Florian Kammuller and Probst, {Christian W.}",

note = "WRIT: 2nd Workshop on Research for Insider Threat: http://www.sei.cmu.edu/community/writ2014/writ2014-program.cfm; 2014 IEEE Security and Privacy Workshops (SPW) ; Conference date: 17-05-2014 Through 18-05-2014",

year = "2014",

doi = "10.1109/SPW.2014.45",

language = "English",

pages = "229--235",

booktitle = "2014 IEEE Security and Privacy Workshops (SPW)",

publisher = "IEEE",

address = "United States",

url = "http://www.ieee-security.org/TC/SPW2014/index.html",

}

TY - GEN

T1 - Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

AU - Kammuller, Florian

AU - Probst, Christian W.

N1 - WRIT: 2nd Workshop on Research for Insider Threat: http://www.sei.cmu.edu/community/writ2014/writ2014-program.cfm

PY - 2014

Y1 - 2014

N2 - In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.

AB - In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.

KW - Insider threats

KW - policies

KW - formal methods

U2 - 10.1109/SPW.2014.45

DO - 10.1109/SPW.2014.45

M3 - Article in proceedings

SP - 229

EP - 235

BT - 2014 IEEE Security and Privacy Workshops (SPW)

PB - IEEE

T2 - 2014 IEEE Security and Privacy Workshops (SPW)

Y2 - 17 May 2014 through 18 May 2014

ER -

Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis

Abstract

Conference

Bibliographical note

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this