@INPROCEEDINGS{PHN,
  title = {{Where can an Insider attack?}},
  author = {{Christian W.} {Probst} and {Ren\'e Rydhof} {Hansen} and {Flemming} {Nielson}},
  booktitle = {Proceedings of the 4th international Workshop on Formal Aspects in Security and Trust (FAST2006)},
  abstract = {By definition, an insider has better access, is more trusted, and has better information about internal procedures, high-value targets, and potential weak spots in the security, than an outsider. Consequently, an insider attack has the potential to cause significant, even catastrophic, damage to the targeted organisation. While the problem is well recognised in the security community as well as in law-enforcement and intelligence communities, the main resort still is to audit log files after the fact. There has been little research into developing models, automated tools, and techniques for analysing and solving (parts of) the problem. In this paper we first develop a formal model of systems, that can describe real-world scenarios. These high-level models are then mapped to acKlaim, a process algebra with support for access control, that is used to study and analyse properties of the modelled systems. Our analysis of processes identifies which actions may be performed by whom, at which locations, accessing which data. This allows to compute a superset of audit results---before an incident occurs.},
  url = {http://rap.dsi.unifi.it/sensoriasite/ProbstHansenNielson_WhereCanAnInsiderAttack.pdf},
  partner = {DTU},
  status = {public},
  task = {T3.1},
}