The Community for Technology Leaders
2014 IEEE Security and Privacy Workshops (SPW) (2014)
San Jose, CA, USA
May 17, 2014 to May 18, 2014
ISBN: 978-1-4799-5103-1
pp: 251-264
Matt Bishop , Dept. of Comput. Sci., Univ. of California at Davis, Davis, CA, USA
Heather M. Conboy , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
Huong Phan , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
Borislava I. Simidchieva , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
George S. Avrunin , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
Lori A. Clarke , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
Leon J. Osterweil , Dept. of Comput. Sci., Univ. of Massachusetts Amherst, Amherst, MA, USA
Sean Peisert , Dept. of Comput. Sci., Univ. of California at Davis, Davis, CA, USA
ABSTRACT
The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
INDEX TERMS
Nominations and elections, Fault trees, Analytical models, Hazards, Drugs, Logic gates, Software
CITATION

M. Bishop et al., "Insider Threat Identification by Process Analysis," 2014 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA, 2014, pp. 251-264.
doi:10.1109/SPW.2014.40
887 ms
(Ver 3.3 (11022016))