Abstract:
A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects against socio-technical threats.
We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, then checks whether a security requirement holds against an adversary.