Secure team composition to thwart insider threats and cyber-espionage

Aron Laszka; Benjamin Johnson; Pascal Schöttle; Jens Grossklags; Rainer Böhme

doi:10.1145/2663499

Secure team composition to thwart insider threats and cyber-espionage

Aron Laszka, Benjamin Johnson, Pascal Schöttle, Jens Grossklags, Rainer Böhme

Research output: Contribution to journal › Article › peer-review

8 Scopus citations

Abstract

We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical securitymechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.

Original language	English
Article number	2663499
Journal	ACM Transactions on Internet Technology
Volume	14
Issue number	2-3
DOIs	https://doi.org/10.1145/2663499
State	Published - 1 Oct 2014
Externally published	Yes

Keywords

Access control
Cyber-espionage
Game theory
Human factor
Insider threat
Management of information security

Access to Document

10.1145/2663499

Cite this

@article{6010d063bd68474fb06010a41ce5662a,

title = "Secure team composition to thwart insider threats and cyber-espionage",

abstract = "We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical securitymechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.",

keywords = "Access control, Cyber-espionage, Game theory, Human factor, Insider threat, Management of information security",

author = "Aron Laszka and Benjamin Johnson and Pascal Sch{\"o}ttle and Jens Grossklags and Rainer B{\"o}hme",

note = "Publisher Copyright: {\textcopyright} 2014 ACM 1533-5399/2014/10-ART10 $15.00.",

year = "2014",

month = oct,

day = "1",

doi = "10.1145/2663499",

language = "English",

volume = "14",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery (ACM)",

number = "2-3",

}

TY - JOUR

T1 - Secure team composition to thwart insider threats and cyber-espionage

AU - Laszka, Aron

AU - Johnson, Benjamin

AU - Schöttle, Pascal

AU - Grossklags, Jens

AU - Böhme, Rainer

PY - 2014/10/1

Y1 - 2014/10/1

N2 - We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical securitymechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.

AB - We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical securitymechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.

KW - Access control

KW - Cyber-espionage

KW - Game theory

KW - Human factor

KW - Insider threat

KW - Management of information security

UR - http://www.scopus.com/inward/record.url?scp=84908592787&partnerID=8YFLogxK

U2 - 10.1145/2663499

DO - 10.1145/2663499

M3 - Article

AN - SCOPUS:84908592787

SN - 1533-5399

VL - 14

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

IS - 2-3

M1 - 2663499

ER -

Secure team composition to thwart insider threats and cyber-espionage

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this