Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
|Title||Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems|
|Publication Type||Conference Paper|
|Year of Publication||2016|
|Authors||Lenzini G., Mauw S., Ouchani S.|
|Conference Name||12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece|
A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds.