A methodology and supporting techniques for the quantitative assessment of insider threats

Authors:
Nicola Nostro;Andrea Ceccarelli;Andrea Bondavalli;Francesco Brancati
Affiliations:
University of Firenze, Viale Morgagni, Firenze, Italy;University of Firenze, Viale Morgagni, Firenze, Italy;University of Firenze, Viale Morgagni, Firenze, Italy;Resiltech S.r.l., Piazza Nilde Iotti, Pontedera (Pisa), Italy
Venue:
Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing
Year:
2013

Citing 13
Cited 0

Privilege Graph: an Extension to the Typed Access Matrix Model

ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Scenario graphs and attack graphs

Scenario graphs and attack graphs
Towards a Theory of Insider Threat Assessment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Position: "insider" is relative

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Secrets and Lies

Secrets and Lies
Detecting anomalous access patterns in relational databases

The VLDB Journal — The International Journal on Very Large Data Bases
Runtime Certification

Runtime Verification
Design and analysis of knowledge-base centric insider threat models

Design and analysis of knowledge-base centric insider threat models
We have met the enemy and he is us

Proceedings of the 2008 workshop on New security paradigms
Developing insider attack detection model: a grounded approach

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
A data-centric approach to insider attack detection in database systems

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)

QEST '11 Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems
Fraud Prediction and the Human Factor: An Approach to Include Human Behavior in an Automated Fraud Audit

HICSS '12 Proceedings of the 2012 45th Hawaii International Conference on System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is a major challenge for today's companies, especially ICT ones which manages large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insiders attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions: it is a consequence that insiders attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threats assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, the costs, and finally select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future works towards the completion of our methodology.