
EEMCS EPrints Service


Representing humans in system security models: An actor-network approach

Pieters, W. (2011) Representing humans in system security models: An actor-network approach. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 2 (1). pp. 75-92. ISSN 2093-5374

This is the latest version of this eprint.

Full text available as: PDF (533 Kb, Open Access)



Official URL: http://isyou.info/jowua/papers/jowua-v2n1-5.pdf


Abstract

System models to assess the vulnerability of information systems to security threats typically represent a physical infrastructure (buildings) and a digital infrastructure (computers and networks), in combination with an attacker traversing the system while acquiring credentials. Other humans are generally not included, as their behaviour is considered more difficult to express. We propose a graph-based reference model for reasoning about access in system models including human actions, inspired by the sociological actor-network theory, treating humans and non-humans symmetrically. This means that humans can employ things to gain access (an attacker gains access to a room by means of a key), but things can also employ humans to gain access (a USB stick gains access to a computer by means of an employee), leading to a simple but expressive model. The model has the additional advantage that it is not based on containment, an increasingly problematic notion in the age of disappearing boundaries between systems. Based on the reference model, we discuss algorithms for finding attacks, as well as examples. The reference model can serve as a starting point for discussing representations of human behaviour in system models, and for including human behaviour in other than graph-based approaches.

Item Type: Article
Research Group: EWI-DIES: Distributed and Embedded Security, EWI-IS: Information Systems
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security
Uncontrolled Keywords: Actor-network theory, containment, hypergraphs, security modelling, socio-technical systems, vulnerability analysis
ID Code: 19934
Status: Published
Deposited On: 05 April 2011
Refereed: Yes
International: Yes