Conferences

• IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021); papers due April 26, 2021
• New Security Paradigms Workshop (NSPW 2021); papers due May 21, 2021

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Cybersecurity Club
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

Me

• This Quarter’s Classes
• Office Hours for This Quarter
• Contacting Me
• My Personal Blog
  (Last Entry September 4, 2020; “Don’t Vote Twice”)

---

Current Time in Davis, CA, USA

Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes

Citation

A. Sarkar, S. Köhler, B. Ludäscher, and M. Bishop “Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes,” IEEE Systems Journal 11(2) pp. 522–533 (June 2017).

Paper

• Published version web page, paper paywalled at IEEE Explore: [DOI] [URL]
• Authors’ final version:
  • Local: [PDF] [PS]
  • UC Repository: [eScholarship]

Abstract

We introduce an approach of automatically identifying attacks by insider agents on dataflow-based processes having a collection-oriented data model and then improving the processes to prevent the attacks against them. Some process data, if used by some agents via steps at certain points of timeline, will lead to a privacy attack. A manual identification of these vulnerable data and rogue agents is quite tedious; thus, our approach automatically performs these identifications. We model a process and an attack based on a directed acyclic graph, with steps, reading and writing data, and controlled by agents. Then, we perform a declarative implementation to find out if this attack model can be mapped onto the process model based on some similarity criteria. If these criteria are met, we conclude that the attack model is “similar enough” to the process model to be successfully realized through it. Each possible way of mapping shows an avenue of attack on the process. Agent collusion scenarios are also identified. Finally, our approach automatically identifies process improvement opportunities and iteratively exploits them, thereby eliminating attack avenues.

Bibliographic Information: [BibTeX] [RIS]
DOI: 10.1109/JSYST.2015.2477472

---

Last updated on Thursday, April 15, 2021 11:20:53 PM PDT