Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
- Cite this paper as:
- Lenzini G., Mauw S., Ouchani S. (2016) Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham
A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds.