Attack Tree Analysis for Insider Threats on the IoT Using Isabelle

  • Florian Kammüller
  • Jason R. C. Nurse
  • Christian W. Probst
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9750)


The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in “regular” organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack trees.


Smart Device; High Order Logic; Attack Tree; Global Policy; Inside Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Florian Kammüller (1)
  • Jason R. C. Nurse (2)
  • Christian W. Probst (3)
  1. Middlesex University London, London, UK
  2. University of Oxford, Oxford, UK
  3. Technical University Denmark, Kongens Lyngby, Denmark
