Proactive defense of insider threats through authorization management

Authors:
Yuqing Sun;Ninghui Li;Elisa Bertino
Affiliations:
Shandong University, Jinan, China;Purdue University, West Lafeyette, IN, USA;Purdue University, West Lafeyette, IN, USA
Venue:
Proceedings of 2011 international workshop on Ubiquitous affective awareness and intelligent interaction
Year:
2011

Citing 11
Cited 0

The schematic protection model: its definition and analysis for acyclic attenuating schemes

Journal of the ACM (JACM)
Role-Based Access Control Models

Computer
Improved approximation algorithms for maximum cut and satisfiability problems using semidefinite programming

Journal of the ACM (JACM)
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
On context in authorization policy

Proceedings of the eighth ACM symposium on Access control models and technologies
On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security (TISSEC)
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
An investigation of Zipf's Law for fraud detection (DSS#06-10-1826R(2))

Decision Support Systems
An approximation algorithm for multidimensional assignment problems minimizing the sum of squared errors

Discrete Applied Mathematics
Risk models for trust-based access Control(TBAC)

iTrust'05 Proceedings of the Third international conference on Trust Management
Satisfiability and resiliency in workflow systems

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Among various attacks that may potentially target information systems, insider threat is recognized as an important factor of serious damage. In this paper, we investigate this problem from the view of authorizations in the context of access control. The objectives are to assess the sensitive authorizations in a system and to make appropriate arrangement for reducing the convenience of insider fraud. The proposed analytical framework takes the security constraints and the user relationships into account besides the traditional assessment of each independent user. Specially, different fraud patterns and insider attacks are formally modeled. These concerns are meaningful in practice since with the enforcement of security constraint like Separation of Duty, a single user only possesses partial privileges for a sensitive task. Thus a person who want to launch an attack need to adopt social engineering and collude with others. Based on this framework, we study the critical user problems, which find the most critical subset of users for a sensitive task, as well as discuss how to mitigate the fraud risk to the lowest level. We show that the computational complexities of these problems are NP-hard in general case but some special cases remain tractable. An approximate solution to these problems is presented.