Isabelle Modelchecking for Insider Threats

  • Conference paper
Data Privacy Management and Security Assurance (DPM 2016, QASA 2016)

Abstract

The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders.

Author information

Correspondence to Florian Kammüller.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Kammüller, F. (2016). Isabelle Modelchecking for Insider Threats. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management and Security Assurance. DPM 2016, QASA 2016. Lecture Notes in Computer Science, vol 9963. Springer, Cham. https://doi.org/10.1007/978-3-319-47072-6_13

  • DOI: https://doi.org/10.1007/978-3-319-47072-6_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47071-9

  • Online ISBN: 978-3-319-47072-6

  • eBook Packages: Computer Science, Computer Science (R0)
