Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes
A. Sarkar, S. Köhler, B. Ludäscher, and M. Bishop “Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes,” IEEE Systems Journal 11(2) pp. 522–533 (June 2017).
- Published version web page, paper paywalled at IEEE Explore: [DOI] [URL]
- Authors’ final version:
We introduce an approach of automatically identifying attacks by insider agents on dataflow-based processes having a collection-oriented data model and then improving the processes to prevent the attacks against them. Some process data, if used by some agents via steps at certain points of timeline, will lead to a privacy attack. A manual identification of these vulnerable data and rogue agents is quite tedious; thus, our approach automatically performs these identifications. We model a process and an attack based on a directed acyclic graph, with steps, reading and writing data, and controlled by agents. Then, we perform a declarative implementation to find out if this attack model can be mapped onto the process model based on some similarity criteria. If these criteria are met, we conclude that the attack model is “similar enough” to the process model to be successfully realized through it. Each possible way of mapping shows an avenue of attack on the process. Agent collusion scenarios are also identified. Finally, our approach automatically identifies process improvement opportunities and iteratively exploits them, thereby eliminating attack avenues.