Abstract
The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kammüller, F.: Isabelle insider framework including modelchecking and examples (2016). https://www.dropbox.com/sh/rx8d09pf31cv8bd/AAALKtaP8HMX642fi04Og4NLa?dl=0
Axelrad, E.T., Sticha, P.J., Brdiczka, O., Shen, J.: A Bayesian network model for predicting insider threats. In: IEEE Security and Privacy Workshops, SPW-WRIT (2013)
Bishop, M., Conboy, H.M., Phan, H., Simidchieva, B.I., Avrunin, G.S., Clarke, L.A., Osterweil, L.J., Peisert, S.: Insider threat identification by process analysis. In: IEEE Security and Privacy Workshops, SPW-WRIT (2014)
Bitdefender. Bitdefender research exposes security risks of android wearable devices (2014). http://www.darkreading.com/partner-perspectives/bitdefender/bitdefender-research-exposes-security-risks-of-android-wearable-devices-/a/d-id/1318005
Boender, J., Ivanova, M.G., Kammüller, F., Primiero, G.: Modeling human behaviour with higher order logic: insider threats. In: STAST 2014, Co-located with CSF 2014 in the Vienna Summer of Logic. IEEE (2014)
Cappelli, D.M., Moore, A.P., Trzeciak, R.F., The, C.: Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley, Boston (2012)
Chen, T., Kammüller, F., Nemli, I., Probst, C.W.: A probabilistic analysis framework for malicious insider threats. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 178–189. Springer, Heidelberg (2015)
Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (1999)
Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G.: A fully verified executable LTL model checker. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 463–478. Springer, Heidelberg (2013)
Esser, H.: Soziologie - Allgemeine Grundlagen. Campus, Frankfurt (1993)
Greitzer, F.L., Strozer, J.R., Cohen, S., Moore, A.P., Mundie, D., Cowley, J.: Analysis of unintentional insider threats deriving from social engineering exploits. In: IEEE Security and Privacy Workshops, SPW-WRIT (2014)
Hempel, C.G., Oppenheim, P.: Studies in the logic of explanation. Philos. Sci. 15, 135–175 (1948)
Henrio, L., Kammüller, F., Rivera, M.: An asynchronous distributed component model and its semantics. In: de Boer, F.S., Bonsangue, M.M., Madelaine, E. (eds.) FMCO 2008. LNCS, vol. 5751, pp. 159–179. Springer, Heidelberg (2009)
Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Transforming graphical system models to graphical attack models. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 82–96. Springer, Heidelberg (2016)
Kammüller, F., Kerber, M.: Investigating airplane safety and security against insider threats using logical modeling. In: IEEE Security and Privacy Workshops, SPW-WRIT. IEEE (2016)
Kammüller, F., Nurse, J.R.C., Probst, C.W.: Attack tree analysis for insider threats on the IoT using isabelle. In: Tryfonas, T. (ed.) HAS 2016. LNCS, vol. 9750, pp. 234–246. Springer, Heidelberg (2016)
Kammüller, F., Paulson, L.C.: A formal proof of Sylow’s theorem. J. Autom. Reasoning 23(3), 235–264 (1999)
Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: IEEE Security and Privacy Workshops, SPW-WRIT (2013)
Kammüller, F., Probst, C.W.: Combining generated data models with formal invalidation for insider threat analysis. In: IEEE Security and Privacy Workshops, SPW-WRIT (2014)
Kammüller, F., Probst, C.W.: Modeling and verification of insider threats using logical analysis. IEEE Syst. J. PP(99), 1–12 (2016). Digital Espionage, and Counter Intelligence. Special issue on Insider Threats to Information Security
Kammüller, F., Wenzel, M., Paulson, L.C.: Locales - a sectioning concept for isabelle. In: Bertot, Y., Dowek, G., Hirschowitz, A., Paulin, C., Théry, L. (eds.) TPHOLs 1999. LNCS, vol. 1690, pp. 149–165. Springer, Heidelberg (1999)
Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R.T., Whitty, M.: Understanding insider threat: a framework for characterising attacks. In: IEEE Security and Privacy Workshops, SPW-WRIT (2014)
Nurse, J.R.C., Erola, A., Agrafiotis, I., Goldsmith, M., Creese, S.: Smart insiders: exploring the threat from insiders using the internet-of-things. In: International Workshop on Secure Internet of Things (SIoT ), in conjunction with ESORICS 2015, LNCS. Springer (2015, in print)
Probst, C.W., Kammüller, F., Hansen, R.R.: Formal modelling and analysis of socio-technical systems. In: Probst, C.W., Hankin, C., Hansen, R.R. (eds.) Semantics, Logics, and Calculi. LNCS, vol. 9560, pp. 54–73. Springer, Heidelberg (2016)
Symantec. How safe is your quantified self? Tech. Rep. (2014)
Tarski, A.: A lattice-theoretic fixpoint theorem and its applications. Pac. J. Math. 5, 285–309 (1955)
VERIS. Veris: the vocabulary for event recording and incident sharing (2015). http://veriscommunity.net
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Kammüller, F. (2016). Isabelle Modelchecking for Insider Threats. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management and Security Assurance. DPM QASA 2016 2016. Lecture Notes in Computer Science(), vol 9963. Springer, Cham. https://doi.org/10.1007/978-3-319-47072-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-47072-6_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47071-9
Online ISBN: 978-3-319-47072-6
eBook Packages: Computer ScienceComputer Science (R0)