|
Announcements
Center for Information Protection
UC Davis is planning to join the NSF I/UCRC
Center for Information Protection. We are looking
for companies to join our Industrial Advisory
Board.
Find out more here!
Conferences and Workshops
My Links
Other Links
This Quarter’s Classes
Office Hours for This Quarter
Contacting Me
|
We Have Met the Enemy And He Is Us
Citation
- M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates,
“We Have Met the Enemy And He Is Us,”
Proceedings of the 2008 Workshop on New Security Paradigms
pp. 1–12 (Sep. 2008).
Paper
Abstract
The insider threat has long been considered one of the most serious threats in
computer security, and one of the most difficult to combat. But the problem has
never been defined precisely, and that lack of precise definition inhibits
solutions. This paper presents a precise definition of insider threat, and shows
how the definition enables an analysis of the set of problems traditionally
lumped into “the insider threat”. It introduces a hierarchy of policy
abstractions, and argues that the discrepancies between the different layers of
abstraction expose the potential for insider threat. It also presents a
methodology for analyzing the threat based upon our definitions. In the process,
we introduce Attribute-Based Group Access Control, a generalization of the
Role-Based Access Control model that allows any attributes to define a group. We
apply this to the insider threat by defining groups based on access
capabilities, and using that to identify users with a high level of threat with
respect to high-risk resources.
Copyright Notice
© ACM, 2008. This is the author’s version of the work.
It is posted here by permission of ACM for your personal use.
Not for redistribution.
The definitive version was published in
Proceedings of the 2008 Workshop on New Security Paradigms,
Sep. 2008,
and is available at
http://doi.acm.org/10.1145/1595676.1595678.
|
