modeling and analysis of security for human centric
play

Modeling and Analysis of Security for Human Centric Systems Florian - PowerPoint PPT Presentation

Oct 08, 2022 •7 likes •97 views

Modeling and Analysis of Security for Human Centric Systems Florian Kammller Middlesex University London & TU Berlin Assessment of ICT Security Risks in Socio-Technical Systems16, 16. November 2016 Formal Models for Insider Threat

  1. Modeling and Analysis of Security for Human Centric Systems Florian Kammüller Middlesex University London & TU Berlin Assessment of ICT Security Risks in Socio-Technical Systems’16, 16. November 2016

  2. Formal Models for Insider Threat Analysis • Initial Idea: • Model infrastructure, actors, policies • Invalidate global policy by complete exploration of state space ⇒ Modelchecking � State explosion problem • Interactive theorem proving in Isabelle [7] • Higher Order Logic: expressive • Proof of security/violations • Simulate “Modelchecking” [13] 2

  3. Modeling Human Behaviour for Sociological Explanation • Max Weber’s sociological explanation model • 3-step logic of explanation (Hempel and Oppenheimer [1]) social collective situation explanandum (d) (a) (c) actor action (b) ⇒ Macro-Micro-Macro transition ( a ) Macro-Micro: taxonomy of insider as datatypes in HOL based on psychological results, [12] e.g. datatype psy_states = happy | revenge | stressed ( b ) Micro-Micro: Infrastructure with actors and locations for action theory ( c ) Micro-Macro: Analysis of insider attacks: invalidation of global policies 3

  4. Applications of Isabelle Insider Framework • Logical Modeling of Insider Threats (Isabelle Insider Framework) [3] • Attack Tree Analysis for Insider Threats on the IoT using Isabelle. [16] • Airplane Safety and Security against Insider Threats. [17] • Formal Analysis of Insider Threats for Auctions. [15] 4

  5. Current Projects for Practical Application CHIST-ERA (EU) project SUCCESS: SecUre aCCESSibility for the internet of things (IoT) • Formal design of T2 privacy-critical IoT CARER scenarios Nurse/Doctor Mobile/ Bracelet Patient • Risk visualisation by Patient Hospital Take biomarker Patient Access attack trees control ATTACKER Data registration Doctor <mitigates> Measurement T1 • Certified implementation Data Theft Nurse <threatens> <impersonates> for IoT component Corrupt Data Attacker Steal Patient architectures Data S1 S2 Get Password • IoT Pilot scenario: sensor based monitoring Access Phone Crack PIN for dementia patients 5

  6. Conclusion and Pitch • Engineering secure IoT systems • Health care: cost efficiency vs privacy • What question do we need to answer • stakeholders: patient, nurse, doctor • Privacy vs positive discrimination 6

  7. References I [1] Frank Stajano and Ross Anderson. The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast. In A. Pfitzmann, ed. Proceedings of Information Hiding Workshop 1999. LNCS Springer, 1999. [2] M. B. Caminati, M. Kerber, C. Lange, and C. Rowat. Sound auction specification and implementation. 16th ACM Conference on Economics and Computation, EC’15 . ACM, 2015. [3] F. Kammüller and C. W. Probst, Modeling and verification of insider threats using logical analysis, IEEE Systems Journal , 2016. [Online]. Available: http: //dx.doi.org/10.1109/JSYST.2015.2453215 [4] F. Kammüller. Verification of DNSsec Delegation Signatures. 21st International IEEE Conference on Telecommunication . IEEE, 2014. [5] F. Kammüller and S. Preibusch. Privacy Analysis of a Hidden Friendship Protocol. Data Privacy Management DPM’13, ESORICS. Vol. 8247, LNCS, Springer, 2013. 7

  8. References II [6] F. Kammüller. A Semi-Lattice Model for Multi-Lateral Security. Data Privacy Management DPM’12, ESORICS. p. 118–132, Vol. 7731, LNCS Security and Cryptology, Springer, 2013. [7] T. Nipkow, L. C. Paulson, and M. Wenzel. Isabelle/HOL – A Proof Assistant for Higher-Order Logic , 2283 LNCS. Springer-Verlag, 2002. [8] J. Boender, F. Kammüller, R. Nagarajan. Formalization of quantum protocols using Coq. 12th International Workshop on Quantum Physics and Logic . EPTCS 195, 2015. http://dx.doi. org/10.4204/EPTCS.195 [9] F. Kammüller and C. W. Probst, Invalidating policies using structural information, in WRIT’13, SPW . IEEE, 2013. [10] D. M. Cappelli, A. P . Moore, and R. F. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), 1st ed., ser. SEI Series in Software Engineering. Addison-Wesley Professional, Feb. 2012. [Online]. Available: http://www.amazon.com/exec/obidos/redirect?tag=citeulike07- 20&path=ASIN/0321812573 [11] F. Kammüller. Formalizing Non-Interference for A Small Bytecode-Language in Coq. Formal Aspects of Computing : 20 (3):259–275. Springer, 2008. 8

  9. References III [12] Jason R. C. Nurse and Oliver Buckley and Philip A. Legg and Michael Goldsmith and Sadie Creese and Gordon R. T. Wright and Monica Whitty, Understanding Insider Threat: A Framework for Characterising Attacks, IEEE Security and Privacy Workshops (SPW), WRIT , 2014. [13] F. Kammüller. Refactoring Preserves Security. Data Privacy Management, DPM’16, 11th Int. Workshop ESORICS’16, LNCS, Springer, 2016. [14] F. Kammüller. Isabelle Modelchecking for Insider Threats. Data Privacy Management, DPM’16, 11th Int. Workshop, ESORICS’16. LNCS, Springer, 2016. [15] F. Kammüller, M. Kerber, C. W. Probst. Towards Formal Analysis of Insider Threats for Auctions. 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST’16. ACM, 2016. [16] F. Kammüller, J. R. C. Nurse, and C. W. Probst. Attack Tree Analysis for Insider Threats on the IoT using Isabelle. 4th International Conference on Human Aspects of Security, Privacy and Trust, HCII-HAS 2016 . Vol. 9750, LNCS, Springer 2016. [17] F. Kammüller and M. Kerber. Investigating Airplane Safety and Security against Insider Threats Using Logical Modeling. IEEE Security and Privacy Workshops, SPW, WRIT’16 . 2016. 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333,

The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333,

The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333, 10654-82 Ave NW Edmonton, Alberta info@hcolab.com www.hcolab.com Human Centric LED Medical science discovers a third receptor in our eyes This

714 views • 13 slides
10 Fuzzy Modeling: Principles and Methodology Fuzzy Systems Engineering Toward Human-Centric

10 Fuzzy Modeling: Principles and Methodology Fuzzy Systems Engineering Toward Human-Centric

10 Fuzzy Modeling: Principles and Methodology Fuzzy Systems Engineering Toward Human-Centric Computing Contents 10.1 The architectural blueprint of fuzzy models 10.2 Key phases of the development and use of fuzzy models 10.3 Main categories

735 views • 39 slides
Integrated Assessment Modeling of Coupled Natural and Human Systems in LCB Asim Zia

Integrated Assessment Modeling of Coupled Natural and Human Systems in LCB Asim Zia

Integrated Assessment Modeling of Coupled Natural and Human Systems in LCB Asim Zia Science Leader, RACC IAM Associate Professor of Public Policy &amp; Decision Analysis Director: Institute for Environmental Diplomacy and Security

816 views • 52 slides
Human Centric Human Centric Machine Learning Infrastructure Machine Learning Infrastructure @

Human Centric Human Centric Machine Learning Infrastructure Machine Learning Infrastructure @

Human Centric Human Centric Machine Learning Infrastructure Machine Learning Infrastructure @ Ville Tuulos QCon SF, November 2018 Meet Alex, a new chief data scientist at Caveman Cupcakes Meet Alex, a new chief data scientist at Caveman

1.15k views • 86 slides
Our goal is to make all of you curious on how to build human-centric products and services.

Our goal is to make all of you curious on how to build human-centric products and services.

Living in a world of people, it is hard to believe that so many products and services dont revolve the understanding of human needs nor solving human- centered problems. Our goal is to make all of you curious on how to build human-centric

420 views • 38 slides
The future of finance is human! Technology driven, but human-centric 22/11/2017 1 FUTURELAB

The future of finance is human! Technology driven, but human-centric 22/11/2017 1 FUTURELAB

FUTURELAB The future of finance is human! Technology driven, but human-centric 22/11/2017 1 FUTURELAB Stefan Kolle Some credentials All nice &amp; well but I still need to grow! Welcome Allow me to introduce myself Our Purpose To make

905 views • 72 slides
Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye

Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye

Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye NIST/ITL/CCTG, Gaithersberg NIST ACMD Seminar Tuesday, June 7, 2011 Click to edit Master subtitle style 6/7/11 Outline Motivations 1. Security 1. Game

542 views • 35 slides
Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela

Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela

Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela Cianfrone EMEA Solution Architect @ Protegrity USA Implement Data Centric Security Design Data Security Solutions Agenda Using Walls to

877 views • 34 slides
1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a

1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a

1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a 1000 Words!!! Helps better understand the requirements Data Function and Behavior Analysis modeling helps validate the

1.33k views • 88 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
How Complex Systems Thinking Can Tame Big Data: The Limits of Data-Centric Inference (and

How Complex Systems Thinking Can Tame Big Data: The Limits of Data-Centric Inference (and

Research School 2014 Predictive modeling: from data to models 29-31 October, Mtopole, Toulouse How Complex Systems Thinking Can Tame Big Data: The Limits of Data-Centric Inference (and Math Analysis) and Usefulness of Agent-Based

708 views • 51 slides
PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo

PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo

ACM SIGCOMM Workshop on Information-Centric Networking 12/08/2013 PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo Sisto Department of Control and Computer Engineering Politecnico di Torino 1/16

393 views • 16 slides
A. Rodi , M. Vujovi , M. Jovanovi , I. Stevanovi INTRODUCTION A human-centric,

A. Rodi , M. Vujovi , M. Jovanovi , I. Stevanovi INTRODUCTION A human-centric,

A. Rodi , M. Vujovi , M. Jovanovi , I. Stevanovi INTRODUCTION A human-centric, social, care-robot for attendance of the elderly and people with reduced ability New design of personal robot assistants operating in the it area as part

561 views • 31 slides
Institute for Cyber Security A Lattice Interpretation of Group-Centric Collaboration with

Institute for Cyber Security A Lattice Interpretation of Group-Centric Collaboration with

Institute for Cyber Security A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina Ahmed, Ravi Sandhu, Ram Krishnan Institute for Cyber Security University of Texas at San Antonio 1 1

336 views • 16 slides
LPS LPS LPS Modeling Modeling Amir Ghafoori Technology Technology PhD student Policy

LPS LPS LPS Modeling Modeling Amir Ghafoori Technology Technology PhD student Policy

Risk Analysis of the Maritime Traffic in Delaware River Presenting Author: Ozhan Alper Almaz PhD student Co-Authors: Tayfur Altiok Professor, Industrial and Systems Engineering Director, Laboratory for Port Security LPS LPS LPS Modeling

644 views • 29 slides
Requirements Analysis Modeling Requirements analysis modeling helps transition from elicitation

Requirements Analysis Modeling Requirements analysis modeling helps transition from elicitation

Requirements Analysis Modeling Requirements analysis modeling helps transition from elicitation to specification, from stakeholder to engineering view Analysis the detailed examination of something for explanation or interpretation R.

526 views • 17 slides
Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron Laszka 1 , 2 Benjamin Johnson 3 ottle 4 Pascal Sch Jens Grossklags 1 ohme 4 Rainer B 1 Pennsylvania State University 2 Budapest University of

456 views • 44 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Security: Computing in an Adversarial Environment Presenter Moderator Dr. Carrie Gates Dr.

Security: Computing in an Adversarial Environment Presenter Moderator Dr. Carrie Gates Dr.

Security: Computing in an Adversarial Environment Presenter Moderator Dr. Carrie Gates Dr. Christopher W. Clifton CA Technologies Purdue University carrie.gates@ca.com clifton@cs.purdue.edu ACM Learning Center ( http: / / learning.acm.org

826 views • 44 slides
Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C.

Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C.

Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C. Ding - COMP4631 - L02 1 Outline of this Lecture A brief introduction to computer security A theoretical framework of computer security

972 views • 47 slides
Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman, Yacine Chakhchoukh and Frederick T. Sheldon Departments of Computer Science and Electrical &amp; Computer Engineering, University of Idaho, Moscow

425 views • 20 slides
Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 , Raymond K. H. Tai 2 , Harry W. H. Wong 2 , Sherman S. M. Chow 2 1 Friedrich-Alexander University Erlangen-Nuremberg 2 Chinese University of Hong Kong

618 views • 59 slides
Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying

Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying

Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi , Sibin Mohan, Kira Barton, James Moyne and Z. Morley Mao

775 views • 22 slides
Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

M EET S CIENCE OF S ECURITY Adam Tagert Ph.D. actager@tycho.ncsc.mil Science of Security &amp; Privacy Technical Director National Security Agency Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

955 views • 57 slides

More recommend