Modeling and verification of insider threats using logical analysis

In this paper we combine formal modeling and analysis of infrastructures of organisations with sociological explanation to provide a framework for insider threat analysis. We use the Higher Order Logic proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols showing that it is applicable to insider threats. We introduce briefly a three step process of social explanation illustrating that it can be applied fruitfully to the characterisation of insider threats. We introduce the Insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns Entitled Independent and Ambitious Leader in our Isabelle/HOL framework

Effects of crucible wetting during solidification of immiscible Pb-Zn

Many industrial uses for liquid phase miscibility gap alloys are proposed. However, the commercial production of these alloys into useful ingots with a reasonable amount of homogeneity is arduous because of their immiscibility in the liquid state. In the low-g environment of space gravitational settling forces are abated, thus solidification of an immiscible alloys with a uniform distribution of phases becomes feasible. Elimination of gravitational settling and coalescence processes in low-g also makes possible the study of other separation and coarsening mechanisms. Even with gravitational separation forces reduced, many low-g experiments have resulted in severely segregated structures. The segregation in many cases was due to preferential wetting of the crucible by one of the immiscible liquids. The objective was to analyze the wetting behavior of Pb-Zn alloys on various crucible materials in an effort to identify a crucible in which the fluid flow induced by preferential wetting is minimized. It is proposed that by choosing the crucible for a particular alloy so that the difference in surface energy between the solid and two liqud phases is minimized, the effects of preferential wetting can be diminished and possibly avoided. Qualitative experiments were conducted and have shown the competitive wetting behavior of the immiscible Pb-Zn system and 13 different crucible materials

Towards formal analysis of insider threats for auctions

This paper brings together the world of insider threats and auctions. For online-auction systems, like eBay, but also for high-value one-off auction algorithms as they are used for selling radio wave frequencies, the use of rigorous machine supported modelling and verification techniques is meaningful to prove correctness and scrutinize vulnerability to security and privacy attacks. Surveying the threats in auctions and insider collusions, we present an approach to model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. As a case study, we use the cocaine auction protocol that represents a nice combination of cryptographic techniques, protocols, and privacy goals suitable for highlighting insider threats for auctions

Attack tree analysis for insider threats on the IoT using Isabelle

The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in “regular” organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack tree

Insider threats for auctions: formalization, mechanized proof, and code generation

This paper applies machine assisted formal methods to explore insider threats for auctions. Auction systems, like eBay, are an important problem domain for formal analysis because they challenge modelling concepts as well as analysis methods. We use machine assisted formal modelling and proof in Isabelle to demonstrate how security and privacy goals of auction protocols can be formally verified. Applying the costly scrutiny of formal methods is justified for auctions since privacy and trust are prominent issues and auctions are sometimes designed for one-off occasions where high bids are at stake. For example, when radio wave frequencies are on sale, auctions are especially created for just one occasion where fair and consistent behaviour is required. Investigating the threats in auctions and insider collusions, we model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. We use the existing example of a fictitious cocaine auction protocol from the literature to develop and illustrate our approach. Combining the Isabelle Insider framework with the inductive approach to verifying security protocols in Isabelle, we formalize the cocaine auction protocol, prove that this formal definition excludes sweetheart deals, and also that collusion attacks cannot generally be excluded. The practical implication of the formalization is demonstrated by code generation. Isabelle allows generating code from constructive specifications into the programming language Scala. We provide constructive test functions for cocaine auction traces, prove within Isabelle that these functions conform to the protocol definition, and apply code generation to produce an implementation of the executable test predicate for cocaine auction traces in Scala

Applications of stable water and carbon isotopes in watershed research: Weathering, carbon cycling, and water balances

Research on rivers has traditionally involved concentration and flux measurements to better understand weathering, transport and cycling of materials from land to ocean. As a relatively new tool, stable isotope measurements complement this type of research by providing an extra label to characterize origin of the transportedmaterial, its transfer mechanisms, and natural versus anthropogenic influences. These new stable isotope techniques are scalable across a wide range of geographic and temporal scales. This review focuses on three aspects of hydrological and geochemical river research that are of prime importance to the policy issues of climate change and include utilization of stable water and carbon isotopes: (i) silicate and carbonate weathering in river basins, (ii) the riverine carbon and oxygen cycles, and (iii) water balances at the catchment scale. Most studies at watershed scales currently focus on water and carbon balances but future applications hold promise to integrate sediment fluxes and turnover, ground and surface water interactions, as well as the understanding of contaminant sources and their effects in river systems

A Self-Administered Dietary Assessment Website for Use in Primary Health Care: Usability Testing and Evaluation

A dietary assessment website for use in the primary healthcare setting has been developed. The website allows patients, referred from their GP, to self-report their dietary intake. Data from the website feeds to a dietitian who develops individualised dietary advice for the patient. The aim of this paper is to describe the usability testing of the dietary assessment website with its potential users. Testing was broken into two phases. Forty-two free-living adults with metabolic syndrome volunteered, 17 completed phase one and 10 completed phase two, with a 64% rate of completion. Phase one participants spoke aloud as they progressed through the self-administered dietary assessment website under researcher observation. Observed difficulties in website use and need for assistance was recorded and the website underwent modifications between phases. Only four participants in phase 1 required large amounts of assistance. Phase two participants progressed through the website without observation or using the think-aloud protocol. This simulated the environment in the GP practice within which the website was to be implemented. All participants completed pre- and post-use questionnaires assessing feelings toward use, computer experience and problems encountered. Questionnaires were thematically analysed for relationships between website use and participant feelings. Time taken to use the website was recorded automatically. Website features were grouped into ‘action classes’ e.g. selecting food items, and times taken were calculated for each class. Comparisons (t-tests) were made between the action classes for the two phases. Average time taken to select the food items was 31mins and 24mins for phase one and two respectively. Total time taken was approximately 1 hour and varied by four minutes between phases. Time taken to complete the dietary assessment was comparable to a face-to-face diet history with a dietitian. The website was found to be highly user-friendly with little assistance being required for most levels of computer experience. Dietary management may be overlooked by GPs, yet by offering different methods of accessing dietitians, management may improve