Title :
Insider Threat Identification by Process Analysis
Author :
Bishop, Matt ; Conboy, Heather M. ; Huong Phan ; Simidchieva, Borislava I. ; Avrunin, George S. ; Clarke, Lori A. ; Osterweil, Leon J. ; Peisert, Sean
Author_Institution :
Dept. of Comput. Sci., Univ. of California at Davis, Davis, CA, USA
Abstract :
The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
Keywords :
security of data; computer security; insider attack; insider threat identification; intrusion detection mechanism; process analysis; process modeling; Analytical models; Drugs; Fault trees; Hazards; Logic gates; Nominations and elections; Software; data exfiltration; elections; insider threat; process modeling; sabotage;
Conference_Titel :
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location :
San Jose, CA
DOI :
10.1109/SPW.2014.40
