Security and inference in multilevel database and knowledge-base systems
SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
IEEE Transactions on Knowledge and Data Engineering
The inference problem: a survey
ACM SIGKDD Explorations Newsletter
Data Level Inference Detection in Database Systems
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
The inference problem and updates in relational databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Honeypots: Catching the Insider Threat
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Towards a Theory of Insider Threat Assessment
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
IEEE Security and Privacy
Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Using attack trees to identify malicious attacks from authorized insiders
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.00 |
Insider threat is considered as a serious issue in all organizations. Sophisticated insiders can override threat prevention tools and carry on their attacks with new techniques. One such technique which remains to be an advantage for insiders to attack a database is dependency relationship among data items. This paper investigates the ways by which an authorized insider detects dependencies in order to perform malicious write operations. The paper introduces a new term 'threshold', which defines the constraints and limits a write operation could take. Having threshold as the key factor, the paper proposes two different attack prevention systems which involve log and dependency graphs that aid in monitoring malicious activities and ultimately secure the data items in a database. Our proposed systems continuously monitor all the data items to prevent malicious operations, but the priority is to secure the most sensitive data items first since any damage to them can hinder the functions of critical applications that use the database. By prioritizing the data items, delay of the system is reduced in addition to mitigating insider threats arising from write operations.