Access control requirements for preventing insider threats

Authors:
Joon S. Park;Joseph Giordano
Affiliations:
Syracuse University, Syracuse, NY;Information Directorate, Air Force Research Laboratory (AFRL), Rome, NY
Venue:
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Year:
2006

Citing 19
Cited 0

Selective and locally controlled transport of privileges

ACM Transactions on Programming Languages and Systems (TOPLAS) - Lecture notes in computer science Vol. 174
Role-Based Access Control Models

Computer
A flexible authorization mechanism for relational data management systems

ACM Transactions on Information Systems (TOIS)
RBAC on the Web by smart certificates

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Protection in operating systems

Communications of the ACM
Role-based access control on the web

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Secure and selective dissemination of XML documents

ACM Transactions on Information and System Security (TISSEC)
A logical framework for reasoning about access control models

ACM Transactions on Information and System Security (TISSEC)
Web Metadata: A Matter of Semantics

IEEE Internet Computing
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
RBAC on the Web by Secure Cookies

Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A composite rbac approach for large, complex organizations

Proceedings of the ninth ACM symposium on Access control models and technologies
Trust-X: A Peer-to-Peer Framework for Trust Establishment

IEEE Transactions on Knowledge and Data Engineering
Towards Secure Collaboration on the Semantic Web

ACM SIGCAS Computers and Society
Protection: principles and practice

AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today the Intelligence Community (IC) has faced increasing challenges of insider threats. It is generally accepted that the cost of insider threats exceeds that of outsider threats. Although the currently available access control approaches have a great potential for preventing insider threats, there are still critical obstacles to be solved, especially in large-scale computing environments. In this paper we discuss those requirements with respect to scalability, granularity, and context-awareness. For each requirement we discussed related problems, techniques, and basic approaches to the corresponding countermeasures. Detailed solutions and implementations are not described in this paper.