Detecting Insider Threats: a Trust-Aware Framework

Title: Detecting Insider Threats: a Trust-Aware Framework
Publication Type: Conference Paper
Year of Publication: 2013
Authors: F. Paci, C. Fernandez-Gago, and F. Moyano
Conference Name: 8th International Conference on Availability, Reliability and Security
Pagination: 121-130
Date Published: Nov 2013
Publisher: IEEE
Conference Location: Regensburg, Germany
ISBN Number: 978-0-7695-5008-4
Abstract

The number of insider threats hitting organizations and big enterprises is rapidly growing. Insider threats occur when trusted employees misuse their permissions on organizational assets. Since insider threats know the organization and its processes, very often they end up undetected. Therefore, there is a pressing need for organizations to adopt preventive mechanisms to defend against insider threats. In this paper, we propose a framework for insiders identification during the early requirement analysis of organizational settings and of its IT systems. The framework supports security engineers in the detection of insider threats and in the prioritization of them based on the risk they represent to the organization. To enable the automatic detection of insider threats, we extend the SI* requirement modeling language with an asset model and a trust model. The asset model allows associating security properties and sensitivity levels to assets. The trust model allows specifying the trust level that a user places in another user with respect to a given permission on an asset. The insider threats identification leverages the trust levels associated with the permissions assigned to users, as well as the sensitivity of the assets to which access is granted. We illustrate the approach based on a patient monitoring scenario.

DOI: 10.1109/ARES.2013.22
Citation Key: moyano2013ares
Paper File: https://nics.uma.es:8082/sites/default/files/papers/moyano2013ares.pdf

Supported by NESSoS