Insiders behaving badly: addressing bad actors and their actions
IEEE Transactions on Information Forensics and Security
Maintaining defender's reputation in anomaly detection against insider attacks
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics - Special issue on game theory
Role-based differentiation for insider detection algorithms
Proceedings of the 2010 ACM workshop on Insider threats
A trust assignment model based on alternate actions payoff
iTrust'06 Proceedings of the 4th international conference on Trust Management
Design and implementation of document access control model based on role and security policy
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
GitBAC: Flexible access control for non-modular concerns
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Hi-index | 0.00 |
With rapid advances in online technologies, organizations are migrating from paper based resources to digital documents to achieve high responsiveness and ease of management. These digital documents are the most important asset of an organization and are hence the chief target of insider abuse. Security policies provide the first step to prevent abuse by defining proper and improper usage of resources. Coarse grained security policies that operate on the "principle of least privilege" alone are not enough to address the insider threat, since the typical insider possesses a wide range of privileges to start with. In this paper, we propose a security policy that is tailored to prevent insider abuse. We define the concept of subject, object, actions, rights, context and information flow as applicable to the document control domain. Access is allowed based on the principles of "least privilege and minimum requirements", subject to certain constraints. Unlike existing techniques, the proposed policy engine considers, among other factors, the context of a document request and the information flow between such requests to identify potential malicious insiders. Enforcing thesefine-grained access control policies gives us a better platform to prevent the insider abuse. Finally, for demonstration purposes, we present a framework that can be used to specify and enforce these policies on Microsoft Word documents, one of the popular document formats.