• DocumentCode
    154281
  • Title

    Insider Threat Identification by Process Analysis

  • Author

    Bishop, Matt ; Conboy, Heather M. ; Huong Phan ; Simidchieva, Borislava I. ; Avrunin, George S. ; Clarke, Lori A. ; Osterweil, Leon J. ; Peisert, Sean

  • Author_Institution
    Dept. of Comput. Sci., Univ. of California at Davis, Davis, CA, USA
  • fYear
    2014
  • fDate
    17-18 May 2014
  • Firstpage
    251
  • Lastpage
    264
  • Abstract
    The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
  • Keywords
    security of data; computer security; insider attack; insider threat identification; intrusion detection mechanism; process analysis; process modeling; Analytical models; Drugs; Fault trees; Hazards; Logic gates; Nominations and elections; Software; data exfiltration; elections; insider threat; process modeling; sabotage;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy Workshops (SPW), 2014 IEEE
  • Conference_Location
    San Jose, CA
  • Type

    conf

  • DOI
    10.1109/SPW.2014.40
  • Filename
    6957310
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=154281