Title :
Mitigating Insider Threat without Limiting the Availability in Concurrent Undeclared Tasks
Author :
Yaseen, Qussai ; Panda, Brajendra
Author_Institution :
Dept. of Comput. Sci. & Comput. Eng., Univ. of Arkansas, Fayetteville, AR, USA
Abstract :
Insider threat is a critical problem due to the immense harm that it poses to organizations. This paper investigates this problem in relational database systems. Generally, defending systems against insider threat may require rejecting insiders´ requests to access some data items. The paper focuses on preventing unauthorized knowledge acquisition by insiders in concurrent undeclared tasks, where a task is executed as one operation at a time instead of a batch of operations, without affecting the availability of data items. It proposes approaches to predict the complete operations of undeclared tasks, and then, to organize the operations in a safe sequence that prevents the possible threat of insiders without rejecting any request. Theorems, proofs and simulations are provided to show the effectiveness of the proposed approaches.
Keywords :
authorisation; knowledge acquisition; relational databases; concurrent undeclared task; insider threat; knowledge acquisition; relational database system; Availability; Erbium; Organizations; Prediction algorithms; Remuneration; Security; Training; Database; Dependencies; Insider Threat; Security;
Conference_Titel :
Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4673-2067-2
DOI :
10.1109/SERE.2012.36
