Insider Threat Identification by Process Analysis

The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agent...

Full description

Saved in:
Bibliographic Details
Published in2014 IEEE Security and Privacy Workshops pp. 251 - 264
Main Authors Bishop, Matt, Conboy, Heather M., Huong Phan, Simidchieva, Borislava I., Avrunin, George S., Clarke, Lori A., Osterweil, Leon J., Peisert, Sean
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2014
Subjects
Analytical models
data exfiltration
Drugs
elections
Fault trees
Hazards
insider threat
Logic gates
Nominations and elections
process modeling
sabotage
Software
Online AccessGet full text

Cover

More Information
Summary:The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
DOI:10.1109/SPW.2014.40