Obligations to enforce prohibitions: on the adequacy of security policies

Security policies in organisations typically take the form of obligations for employees. However, it is often unclear what the purpose of such obligations is, and how they can be integrated into the operational processes of the organisation. This can result in policies that are either too strong, leading to unnecessary productivity loss, or too weak, leaving the organisation exposed to attacks that exploit the weaknesses. In this paper, we propose a framework in which the security obligations of employees are linked directly to prohibitions that prevent external agents (attackers) from reaching their goals. We use graph-based and logic-based approaches to formalise and reason about such policies, and show how the framework can be used to verify the correctness of the associated refinements. The framework can assist organisations in aligning security policies with their threat model.
