Detecting insider threats: A trust-aware framework

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Volumn , Issue , 2013, Pages 121-130

  Paci, Federica ^a   Fernandez Gago, Carmen ^b   Moyano, Francisco ^b  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITY OF MÁLAGA   (Spain)

Author keywords

Insider threats; Security requirements; Trust relationships

Indexed keywords

AUTOMATIC DETECTION; EARLY REQUIREMENT ANALYSIS; INSIDER THREAT; ORGANIZATIONAL SETTING; REQUIREMENT MODELING LANGUAGES; SECURITY PROPERTIES; SECURITY REQUIREMENTS; TRUST RELATIONSHIP;

PATIENT MONITORING;

SECURITY OF DATA;

EID: 84892384466     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2013.22     Document Type: Conference Paper

References (21)

1. S. E. Institute, "2011 cybersecurity watch survey," Software Engineering Institute, Carnegie Mellon, Tech. Rep., 2011. [Online]. Available: http://www.cert.org/archive/pdf/CyberSecuritySurvey2011Data.pdf
2. G. Silowash, D. Cappelli, A. Moore, R. F. Trzeciak, T. J. Shimeall, and L. Flynn, "Common sense guide to mitigating insider threats," Software Engineering Institute, Carnegie Mellon, Tech. Rep. CMU/SEI-2012-TR-012, December 2012. [Online]. Available: Http://www.sei.cmu.edu/library/abstracts/ reports/12tr012.cfm
3. F. Massacci, J. Mylopoulos, and N. Zannone, "Security Requirements Engineering : The SI*Modeling Language and the Secure Tropos Methodology," in Advances in Intelligent Information Systems, ser. Studies in Computational Intelligence, Z. Ras and L.-S. Tsay, Eds. Springer Berlin / Heidelberg, 2010, vol. 265, pp. 147-174.
4. Y. Asnar, T. Li, F. Massacci, and F. Paci, "Computer aided threat identification," in Proceedings of the 2011 IEEE 13th Conference on Commerce and Enterprise Computing, ser. CEC '11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 145-152. [Online]. Available: http://dx.doi.org/10. 1109/CEC.2011.13
5. J. L. Isaac Agudo, Carmen Fernandez-Gago, "A scale based trust model for multi-context environments," Computers and Mathematics with Applications, vol. 60, pp. 209-216, July 2010.
6. A. Jøsang, R. Ismail, and C. Boyd, "A survey of trust and reputation systems for online service provision," Decision Support Systems, vol. 43, no. 2, pp. 618-644, March 2007.
7. I. Agudo, M. C. F. Gago, and J. Lopez, "A model for trust metrics analysis," in TrustBus, 2008, pp. 28-37.
8. N. Zannone, "A Requirements Engineering Methodology for Trust, Security, and Privacy," Ph.D. dissertation, University of Trento, Italy, 2007.
9. J. Crampton and M. Huth, "Towards an access-control framework for countering insider threats," in Insider Threats in Cyber Security, ser. Advances in Information Security, C.W. Probst, J. Hunker, D. Gollmann, and M. Bishop, Eds. Springer US, 2010, vol. 49, pp. 173-195.
10. A. Van Lamsweerde and E. Letier, "Handling obstacles in goal-oriented requirements engineering," IEEE Transactions on Software Engineering, vol. 26, no. 10, pp. 978-1005, 2000.
11. A. Van Lamsweerde, "Elaborating security requirements by construction of intentional anti-models," Proceedings. 26th International Conference on Software Engineering, pp. 148-157, 2004.
12. L. Liu, E. Yu, and J. Mylopoulos, "Security and privacy requirements analysis within a social setting," Proc.of RE, vol. 3, pp. 151-161, 2003.
13. E. Yu, "Modelling strategic relationships for process reengineering," Ph.D. dissertation, University of Toronto, Canada, 1995.
14. T. Li, L. Liu, and B. R. Bryant, "Service Security Analysis Based on i*: An Approach from the Attacker Viewpoint," in Security, Trust, and Privacy for Software Applications (STPSA 2010), Seoul, 2010, pp. 127-133.
15. G. Elahi, E. Yu, and N. Zannone, "A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities," Requirements Engineering, vol. 15, no. 1, pp. 41-62, Nov. 2009.
16. R. Matuleviius, H. Mouratidis, N. Mayer, E. Dubois, and P. Heymans, "Syntactic and semantic extensions to secure tropos to support security risk management," Journal of Universal Computer Science, vol. 18, no. 6, pp. 816-844, mar 2012.
17. H. Mouratidis and P. Giorgini, "Secure tropos: a security-oriented extension of the tropos methodology." International Journal of Software Engineering and Knowledge Engineering, vol. 17, no. 2, pp. 285-309, 2007.
18. N. R. Mead and T. Stehney, "Security quality requirements engineering (square) methodology," SIGSOFT Softw. Eng. Notes, vol. 30, no. 4, pp. 1-7, May 2005.
19. D. Mellado, E. Fernandez-Medina, and M. Piattini, "Applying a security requirements engineering process," Computer Security-ESORICS 2006, pp. 192-206, 2006.
20. Y. Asnar, P. Giorgini, and J. Mylopoulos, "Goal-driven risk assessment in requirements engineering," Requirements Engineering, vol. 16, no. 2, pp. 101-116, 2011.
21. N. Li, J. C. Mitchell, and W. H. Winsborough, "Beyond proof-ofcompliance: security analysis in trust management," J. ACM, vol. 52, no. 3, pp. 474-514, May 2005.