Project leader: prof. dr. ir. Pieter Hartel, UT (16 November 2007 till 1 October 2011)
In days gone by you could place a fence around your company’s site to protect your company information. Nowadays data are stored in the cloud or on the laptops of external consultants. This project investigates the security risks associated with this. It will also try to find solutions, for example, through case studies of security problems in digitalised systems and by means of an arithmetic model that determines which steps you must take to steal information in the fastest and least risky manner. This tool will give organisations an insight into the weak points in their security.
Within VISPER methods have been developed to test whether an organisation’s security policy is correctly upheld by security mechanisms. A formal framework, Portunes, has been introduced that generates attack scenarios which contravene the security policy without breaking though the security mechanisms. This project has, for example, evaluated security mechanisms to reduce laptop theft. Not only were reports about laptop theft analysed but an experiment was also performed in which the theft of more than thirty laptops was simulated. Recommendations were also made about using combinations of physical and digital security systems to protect information. The project users will apply the results to optimise relevant operational processes and to improve security policy and mechanisms.
The research will be continued in the FP7 project TREsPASS: Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security.
Universities and partners involved