Where Can an Insider Attack?

  • Conference paper
Formal Aspects in Security and Trust (FAST 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4691)

Abstract

By definition, an insider has better access, is more trusted, and has better information about internal procedures, high-value targets, and potential weak spots in the security than an outsider. Consequently, an insider attack has the potential to cause significant, even catastrophic, damage to the targeted organisation. While the problem is well recognised in the security community as well as in the law-enforcement and intelligence communities, the main resort is still to audit log files after the fact. There has been little research into developing models, automated tools, and techniques for analysing and solving (parts of) the problem. In this paper we first develop a formal model of systems that can describe real-world scenarios. These high-level models are then mapped to acKlaim, a process algebra with support for access control, which is used to study and analyse properties of the modelled systems. Our analysis of processes identifies which actions may be performed by whom, at which locations, accessing which data. This makes it possible to compute a superset of audit results before an incident occurs.

Editor information

Theo Dimitrakos Fabio Martinelli Peter Y. A. Ryan Steve Schneider

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Probst, C.W., Hansen, R.R., Nielson, F. (2007). Where Can an Insider Attack?. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2006. Lecture Notes in Computer Science, vol 4691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75227-1_9

  • DOI: https://doi.org/10.1007/978-3-540-75227-1_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75226-4

  • Online ISBN: 978-3-540-75227-1

  • eBook Packages: Computer Science, Computer Science (R0)
