33 research outputs found

    Isabelle Modelchecking for insider threats

    The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders.

    Formal modeling and analysis with humans in infrastructures for IoT health care systems

    In this paper, we integrate previously developed formal methods to model infrastructure, actors, and policies of human centric infrastructures in order to analyze security and privacy properties. A fruitful approach for discovering attacks on human centric infrastructure models is invalidation of global policies. Invalidating global policies by a complete exploration of the state space can be realized by modelchecking. To counter the state explosion problem inherent in modelchecking, Higher Order Logic (HOL) supported by the interactive theorem prover Isabelle can be used to emulate modelchecking. In addition, the Isabelle Insider framework supports modeling and analysis of human centric infrastructures including attack trees. In this paper, we investigate how Isabelle modelchecking might help to improve detection of attack traces and refinement of attack tree analysis. To this end, we use a case study from security and privacy of IoT devices in the health care sector as proposed in the CHIST-ERA project SUCCESS.

    Modeling and verification of insider threats using logical analysis

    In this paper we combine formal modeling and analysis of infrastructures of organisations with sociological explanation to provide a framework for insider threat analysis. We use the Higher Order Logic proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We briefly introduce a three step process of social explanation, illustrating that it can be applied fruitfully to the characterisation of insider threats. We introduce the Insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns Entitled Independent and Ambitious Leader in our Isabelle/HOL framework.

    Formal modeling and analysis of data protection for GDPR compliance of IoT healthcare systems

    In this paper, we investigate the implications of the General Data Privacy Regulation (GDPR) on the design of an IoT healthcare system. From 26th May 2018, the GDPR will become mandatory within the European Union and hence also for any supplier of IT products. Breaches of the regulation will be fined with penalties of 20 Million EUR. This is a strong motivation for system designers to enable the proof of compliance to the GDPR. We propose the use of formal modeling and analysis using interactive theorem proving. Based on previous work on modeling infrastructures and security policies for insider attacks, we demonstrate the use of logical modeling and machine assisted verification to support data protection (privacy) by design. We illustrate this process on the case study of IoT based monitoring of Alzheimer’s patients that we work on in the CHIST-ERA project SUCCESS.

    A proof calculus for attack trees in Isabelle

    Attack trees are an important modeling formalism to identify and quantify attacks on security and privacy. They are very useful as a tool to understand step by step the ways through a system graph that lead to the violation of security policies. In this paper, we present how attacks can be refined based on the violation of a policy. To that end we provide a formal definition of attack trees in Isabelle’s Higher Order Logic: a proof calculus that defines how to refine sequences of attack steps into a valid attack. We use a notion of Kripke semantics as a formal foundation that then allows attack goals to be expressed using the branching time temporal logic CTL. We illustrate the use of the mechanized Isabelle framework on the example of a privacy attack on an IoT healthcare system.