On the Inability of Existing Security Models to Cope with Data Mobility in Dynamic Organizations

Modeling tools like Microsoft's TAM play an important role in identifying threats in traditional IT systems, where the physical infrastructure and roles are assumed to be static. In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the loss of reputation. We show that current modeling tools are not powerful enough to help the designer identify the emerging threats due to mobility of data and change of roles, because they include neither the mobility of IT systems nor the organizational dynamics in the security model. Researchers have proposed new security models that particularly focus on data mobility and the dynamics of modern organizations, such as frequent role changes of a person. We show that none of the new security models simultaneously considers data mobility and organizational dynamics to a satisfactory extent. As a result, none of the new security models effectively identifies the potential security threats caused by data mobility in a dynamic organization.
