Representing humans in system security models: An actor-network approach

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 2, Issue 1, 2011, Pages 75-92

  Pieters, Wolter ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

Author keywords

Actor network theory; Containment; Hypergraphs; Security modelling; Socio technical systems; Vulnerability analysis

Indexed keywords

EID: 80052324806     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (37)

1. F.-Y. Wang, "The emergence of intelligent enterprises: From CPS to CPSS," IEEE Intelligent Systems, vol. 25, no. 4, pp. 85-88, 2010.
2. M. Bishop, L. Coles-Kemp, D. Gollmann, J. Hunker, and C. Probst, "10341 Report - Insider threats: Strategies for prevention, mitigation, and response," in Insider Threats: Strategies for Prevention, Mitigation, and Response, Dagstuhl Seminar Proceedings, no. 10341. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, 2010.
3. C. Probst and R. Hansen, "An extensible analysable system model," Information security technical report, vol. 13, no. 4, pp. 235-246, 2008.
4. T. Dimkov, W. Pieters, and P. Hartel, "Portunes: representing attack scenarios spanning through the physical, digital and social domain," in Proc. of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS'10). Revised Selected Papers, Paphos, Cyprus, LNCS, vol. 6186. Springer-Verlag, March 2010, pp. 112-129.
5. T. Dimkov and W. Pieters and P.H. Hartel, "Two methodologies for physical penetration testing using social engineering," in Proc. of the Annual Computer Security Applications Conference (ACSAC'10), Austin, Texas, USA. ACM Press, December 2010, pp. 399-408.
6. P. Ryan and S. Schneider, The modelling and analysis of security protocols: the CSP approach. Addison-Wesley Professional, 2001.
7. C. Cremers, "The Scyther Tool: Verification, falsification, and analysis of security protocols," in Proc. of the 20th International Conference on Computer Aided Verification (CAV'08), Princeton, USA, LNCS, vol. 5123. Springer-Verlag, July 2008, pp. 414-418.
8. T. Dimkov, Q. Tang, and P. Hartel, "On the inability of existing security models to cope with data mobility in dynamic organizations," Centre for Telematics and Information Technology, University of Twente, Tech. Rep. TR-CTIT-08-57, 2008.
9. P. Hartel, M. Junger, and R. Wieringa, "Cyber-crime science = crime science + information security," http://eprints.eemcs.utwente.nl/18500/, Centre for Telematics and Information Technology, University of Twente, Enschede, Technical Report TR-CTIT-10-34, October 2010.
10. P. Verbeek, What things do: Philosophical Reflections on Technology, Agency, and Design. Pennsylvania State University Press, 2005.
11. Jericho Forum, "Jericho whitepaper," 2005. [Online]. Available: http://www.opengroup.org/projects/jericho/uploads/40/6809/visionwp.pdf
12. L. Cardelli and A. Gordon, "Mobile ambients," Theoretical computer science, vol. 240, pp. 177-213, 2000.
13. B. Dragovic and J. Crowcroft, "Information exposure control through data manipulation for ubiquitous computing," in Proc. of the 2004 Workshop on New Security Paradigms (NSPW'04), Nova Scotia, Canada. ACM Press, September 2004, pp. 57-64.
14. B. Dragovic and J. Crowcroft, "Containment: from context awareness to contextual effects awareness," in Proc. of the 2nd International Workshop on Software Aspects of Context (IWSAC'05), Santorini, Greece, July 2005.
15. V. Nunes Leal Franqueira, R. Lopes, and P. van Eck, "Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients," in Proc. of the 24th Annual ACM Symposium on Applied Computing (SAC'09), Honolulu, Hawaii, USA. ACM Press, March 2009, pp. 66-73.
16. D. Scott, "Abstracting application-level security policy for ubiquitous computing," Ph.D. dissertation, University of Cambridge, 2004.
17. A. Rensink, "The GROOVE simulator: A tool for state space generation," in Proc. of the 2nd International Workshop on Applications of Graph Transformations with Industrial Relevance (AGTIVE'03), Charlottesville, VA, USA, LNCS, vol. 3062. Springer-Verlag, September-October 2004, pp. 479-485.
18. D. Grohmann, "Security, cryptography and directed bigraphs," in Proc. of the 4th International Conference on Graph Transformation (ICGT'08), Leicester, UK, LNCS, ser. LNCS, vol. 5214. Springer-Verlag, September 2008, pp. 487-489.
19. R. Milner, "Bigraphical reactive systems," in Proc. of the 12th International Conference on Concurrency Theory (CONCUR'01), Aalborg, Denmark, LNCS, vol. 2154. Springer-Verlag, August 2001, pp. 16-35.
20. G. Ferrari, C. Montangero, L. Semini, and S. Semprini, "Mobile agents coordination in Mobadtl," in Proc. of the 4th International Conference on Coordination Languages and Models (COORDINATION'00), Limassol, Cyprus, LNCS, vol. 1907. Springer-Verlag, September 2000, pp. 232-248.
21. B. Morin, L. Mé, H. Debar, and M. Ducassé, "M2D2: A formal data model for IDS alert correlation," in Proc. of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID'02), Zurich, Switzerland, LNCS, vol. 2516. Springer-Verlag, October 2002, pp. 115-137.
22. F. Massacci and A. Yautsiukhin, "Modelling of quality of protection in outsourced business processes," in Proc. of the 3rd International Symposium on Information Assurance and Security (IAS'07), Manchester, UK. IEEE, August 2007, pp. 247-252.
23. F. Baiardi, S. Suin, C. Telmon, and M. Pioli, "Assessing the risk of an information infrastructure through security dependencies," in Proc. of the 1st International Workshop on Critical Information Infrastructures Security (CRITIS'06), Samos Island, Greece, LNCS, vol. 4347. Springer-Verlag, August-September 2006, pp. 42-54.
24. R. D. Nicola, G. L. Ferrari, and R. Pugliese, "Klaim: A kernel language for agents interaction and mobility," IEEE Transactions on software engineering, vol. 24, no. 5, pp. 315-330, May 1998.
25. D. Gorla and R. Pugliese, "Resource access and mobility control with dynamic privileges acquisition," in Proc. of the 14th International Colloquium on Automata, Languages and Programming (ICALP'03), Eindhoven, The Netherlands, LNCS, vol. 2719. Springer-Verlag, June-July 2003, pp. 119-132.
26. L. Bettini, M. Loreti, and R. Pugliese, "An infrastructure language for open nets," in Proc. of the 2002 ACM Symposium on Applied Computing (SAC'02), Madrid, Spain. ACM Press, March 2002, pp. 373-377.
27. C. Probst, R. Hansen, and F. Nielson, "Where can an insider attack?" in Proc. of The 4th International Workshop on Formal Aspects in Security and Trust (FAST'06), Hamilton, Ontario, Canada, LNCS, vol. 4691. Springer-Verlag, August 2007, pp. 127-142.
28. B. Latour, Reassembling the Social: An Introduction to Actor-Network-Theory. Oxford: Oxford University Press, 2005.
29. M. Akrich and B. Latour, "A summary of a convenient vocabulary for the semiotics of human and nonhuman assemblies," in Shaping Technology/Building Society: Studies in Sociotechnical Change, W. Bijker and J. Law, Eds. Cambridge, MA: MIT Press, 1992, pp. 259-264.
30. G. Walsham, "Actor-network theory and IS research: Current status and future prospects," in Information Systems and Qualitative Research, A. Lee, J. Liebenau, and J. DeGross, Eds. London: Chapman Hall, 1997, pp. 466-480.
31. D. Pavlovic and C. Meadows, "Actor-network procedures: Modelling multi-factor authentication, device pairing, social interactions," Forthcoming.
32. L. Floridi, "Information ethics: on the philosophical foundation of computer ethics," Ethics and Information Technology, vol. 1, no. 1, pp. 37-56, 1999.
33. S. Stasiukonis, "Social engineering the USB way," 2006. [Online]. Available: http://www.darkreading.com/document.asp?doc id=95556
34. P. Ammann, D. Wijesekera, and S. Kaushik, "Scalable, graph-based network vulnerability analysis," in Proc. of the 9th ACM Conference on Computer and Communications Security (ACM CCS'02), Washington, DC, USA. ACM Press, November 2002, pp. 217-224.
35. S. Mauw and M. Oostdijk, "Foundations of attack trees," in Proc. of the 8th Annual International Conference on Information Security and Cryptology (ICISC'05), Seoul, Korea, LNCS, vol. 3935. Springer-Verlag, December 2006, pp. 186-198.
36. X. Ou, W. Boyer, and M. McQueen, "A scalable approach to attack graph generation," in Proc. of the 13th ACM Conference on Computer and Communications Security (ACM CCS'06), Alexandria, USA. ACM Press, October-November 2006, p. 345.
37. A. Ghamarian, M. de Mol, A. Rensink, E. Zambon, and M. Zimakova, "Modelling and analysis using GROOVE," http://eprints.eemcs.utwente.nl/17830/, Centre for Telematics and Information Technology University of Twente, Enschede, Technical Report TR-CTIT-10-18, April 2010.