Case Studies of an Insider Framework

Much of the literature on insider threat assumes, explicitly or implicitly, a binary, perimeter-based notion of an insider: a principal is either inside the perimeter or outside it. It is now generally accepted that this notion is unrealistic. The Attribute-Based Group Access Control (ABGAC) framework is a generalization of Role-Based Access Control (RBAC) that lets us define a non-binary notion of "insiderness". In this paper we illustrate, through three case studies, how to use ABGAC to perform insider threat analysis of high-risk resources. This precise yet flexible identification of high-risk resources, and of the insiders associated with each of them, lets organizations see where to target their defenses against the insider problem.
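The following is an added illustration, not code from the paper, of what a graded, resource-relative notion of insiderness can look like when groups are defined by attributes rather than by a single role. The group, resource and scoring definitions are assumptions made for this example (the paper's ABGAC formalization may differ): a group is a conjunction of attribute predicates, a resource is guarded by one or more groups, an RBAC role is the degenerate one-predicate group, and a principal's insiderness with respect to a resource is the largest fraction of one guard's predicates that the principal already satisfies. The policy and principals are constructed sample data, not drawn from the paper's case studies.

```python
"""Toy attribute-based group model illustrating graded insiderness.

Added example; the definitions below are assumptions made for illustration,
not the ABGAC formalization given in the paper.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, object]
Predicate = Callable[[Attrs], bool]


@dataclass
class Group:
    """A group is a conjunction of labelled attribute predicates."""
    name: str
    predicates: Dict[str, Predicate]

    def satisfied(self, p: Attrs) -> List[str]:
        return [label for label, pred in self.predicates.items() if pred(p)]

    def is_member(self, p: Attrs) -> bool:
        return len(self.satisfied(p)) == len(self.predicates)


@dataclass
class Resource:
    """Access is granted when the principal is a member of any guarding group."""
    name: str
    guards: Tuple[Group, ...]


def role(name: str) -> Group:
    """An RBAC role is the special case of a group with one attribute test."""
    return Group(f"role:{name}", {"role": lambda p: p.get("role") == name})


def can_access(p: Attrs, r: Resource) -> bool:
    return any(g.is_member(p) for g in r.guards)


def insiderness(p: Attrs, r: Resource) -> float:
    """Largest fraction of one guard's predicates the principal already meets:
    1.0 is full access, 0.0 is no overlap with any guard (assumed scoring)."""
    return max(len(g.satisfied(p)) / len(g.predicates) for g in r.guards)


def near_insiders(r: Resource, principals: Dict[str, Attrs], floor: float = 0.5) -> List[str]:
    """Principals who cannot access r but are at least `floor` of the way there."""
    return sorted(name for name, p in principals.items()
                  if not can_access(p, r) and insiderness(p, r) >= floor)


def rank_resources(resources: List[Resource], principals: Dict[str, Attrs],
                   floor: float = 0.5) -> List[Tuple[str, int]]:
    """Rank resources by how many principals sit at or above `floor` insiderness."""
    counts = [(r.name, sum(insiderness(p, r) >= floor for p in principals.values()))
              for r in resources]
    return sorted(counts, key=lambda c: (-c[1], c[0]))


# Constructed sample policy and principals (not from the paper's case studies).
DBA_OPS = Group("dba_ops", {
    "role_dba": lambda p: p.get("role") == "dba",
    "on_vpn":   lambda p: bool(p.get("on_vpn")),
    "mfa":      lambda p: bool(p.get("mfa")),
})
BACKUP_OPS = Group("backup_ops", {
    "role_backup": lambda p: p.get("role") == "backup",
    "dc_badge":    lambda p: bool(p.get("dc_badge")),
})
PROD_DB = Resource("prod_db", (DBA_OPS, BACKUP_OPS))
PAYROLL = Resource("payroll", (role("hr"),))
RESOURCES = [PROD_DB, PAYROLL]

PRINCIPALS: Dict[str, Attrs] = {
    "alice": {"role": "dba", "on_vpn": True, "mfa": True, "dc_badge": False},
    "bob":   {"role": "contractor", "on_vpn": True, "mfa": True, "dc_badge": False},
    "carol": {"role": "hr", "on_vpn": False, "mfa": True, "dc_badge": False},
    "dave":  {"role": "backup", "on_vpn": False, "mfa": False, "dc_badge": False},
}

if __name__ == "__main__":
    for r in RESOURCES:
        for name, p in PRINCIPALS.items():
            print(f"{r.name:8s} {name:6s} access={can_access(p, r)!s:5s} "
                  f"insiderness={insiderness(p, r):.2f}")
        print(f"{r.name}: near-insiders without access: {near_insiders(r, PRINCIPALS)}")
    print("risk ranking:", rank_resources(RESOURCES, PRINCIPALS))
```

The point the binary view misses is visible in the output: bob, a contractor with no role granting access to prod_db, already satisfies two of the three attribute checks of the guarding group, so he is materially closer to that resource than carol, who holds a legitimate internal role elsewhere. Ranking resources by how many principals sit near their guards is one way to decide where monitoring or additional controls are worth the cost.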
