Security is a major challenge for today's companies, especially ICT ones which manages large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insiders attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions: it is a consequence that insiders attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threats assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, the costs, and finally select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future works towards the completion of our methodology.
A methodology and supporting techniques for the quantitative assessment of insider threats / Nicola Nostro; Andrea Ceccarelli; Andrea Bondavalli; Francesco Brancati. - STAMPA. - (2013), pp. 1-6. (Intervento presentato al convegno 2nd International Workshop on Dependability Issues in Cloud Computing - DISCCO '13 tenutosi a Braga (Portugal) nel 30 September 2013) [10.1145/2506155.2506158].
A methodology and supporting techniques for the quantitative assessment of insider threats
NOSTRO, NICOLA;CECCARELLI, ANDREA;BONDAVALLI, ANDREA;BRANCATI, FRANCESCO
2013
Abstract
Security is a major challenge for today's companies, especially ICT ones which manages large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insiders attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions: it is a consequence that insiders attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threats assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, the costs, and finally select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future works towards the completion of our methodology.File | Dimensione | Formato | |
---|---|---|---|
a3-nostro.pdf
Accesso chiuso
Tipologia:
Altro
Licenza:
Tutti i diritti riservati
Dimensione
309.25 kB
Formato
Adobe PDF
|
309.25 kB | Adobe PDF | Richiedi una copia |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.