Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

TitleAnalysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Publication TypeConference Paper
Year of Publication2016
AuthorsLenzini G., Mauw S., Ouchani S.
Conference Name12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece
Date PublishedSeptember
PublisherSpringer Verlag
Conference LocationBerlin
Abstract

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds.

DOI10.1007/978-3-319-46598-2_12