The ability to design and reason about architectures (here understood as organisations which are designed according to hierarchies of roles and those processes that link them) which co-exist and interact within complex environments is of increasing importance. With the introduction of more interconnected technology affecting the way in which stakeholders manage information and conduct their operations, the need for such a capability is clear. Current approaches either address this issue with a mathematical approach which presents an obstacle to most non-specialist analysts, or they choose not to incorporate the full spread of factors that fall within the scope of this thesis. This thesis aims to develop a capability that provides those decision-makers who have information security management responsibilities with the means to analyse isolated, as well as interacting, security and business architectures. It aims to provide this capability at a level of modelling abstraction that is accessible to such non-technical specialists. The first stage of the thesis builds on earlier work on hierarchical structures by Beautement and Pym (2010b). It is dedicated to the development of a suitable conceptual framework which is both general and flexible enough to embody the required properties of a system, as well as their method of implementation spread across hierarchies of rˆoles describing organisations. This concept is expanded to describe how such architectures may interact with one another, and notation which is helpful in discussing these operations carefully is also developed. The framework is then applied to three broad areas within information security, those of trust (which is interpreted as a specific property within a given domain), heuristics (which are broadly treated as actions that should be undertaken during certain conditions), and access control. In each case the suitability of the framework is investigated, leading to refinements in the model which support the common goal of providing a novel view on these approaches to security analysis. This view is characterised by a unified consideration of the underlying architectures, to properties and policies applied across organisations. A key driver in conducting this analysis is to enable the description of how properties, fundamental to the legitimacy of systems, may firstly be established and then by how they may be compromised—providing a view on system vulnerabilities in that controls may fail or be circumvented. Following this, the framework is also intended as a tool to address such vulnerabilities, and to provide a means by which to scope measures designed to mitigate them.
Identifer | oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:646105 |
Date | January 2014 |
Creators | Taylor, Barry |
Publisher | University of Aberdeen |
Source Sets | Ethos UK |
Detected Language | English |
Type | Electronic Thesis or Dissertation |
Source | http://digitool.abdn.ac.uk:80/webclient/DeliveryManager?pid=225757 |
Page generated in 0.0016 seconds