Security is a major challenge for today's companies, especially ICT ones that manage large-scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers, i.e., users with legitimate access who abuse or misuse their power, thus leading to unexpected security violations (e.g., acquiring and disseminating sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, who are often company employees motivated by socio-economic reasons, and to the fact that attackers operate within their granted restrictions; as a consequence, insider attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threat assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, and the costs, and finally to select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future work towards the completion of our methodology.