Attack Tree Analysis for Insider Threats on the IoT Using Isabelle

The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in “regular” organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack trees.
