Abstract
Through their misuse of authorized privileges, insiders have caused great damage and loss to corporate internal information assets, especially within the Intelligence Community (IC). Intelligence management has faced increasing complexities of delegation and granular protection as more corporate entities have worked together in a dynamic collaborative environment. We have been confronted by the issue of how to share information assets while simultaneously guarding them from one another. Although many existing security approaches help to counter insiders’ unlawful behavior, this work is still at a preliminary level. Efficiently limiting internal resources to privileged insiders remains a challenge today. In this paper we introduce the CRBM (Composite Role-Based Monitoring) approach, which extends the current role-based access control (RBAC) model to overcome its limitations in countering insider threats. CRBM not only inherits RBAC’s advantages, such as scalable administration, least privilege, and separation of duties, but also provides scalable and reusable mechanisms to monitor insiders’ behavior in organizations, applications, and operating systems based on insiders’ current tasks.
This work was supported by the “Information Assurance for the Intelligence Community (IAIC)” program of the Advanced Research and Development Activity (ARDA).
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, J.S., Ho, S.M. (2004). Composite Role-Based Monitoring (CRBM) for Countering Insider Threats. In: Chen, H., Moore, R., Zeng, D.D., Leavitt, J. (eds) Intelligence and Security Informatics. ISI 2004. Lecture Notes in Computer Science, vol 3073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25952-7_15
DOI: https://doi.org/10.1007/978-3-540-25952-7_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22125-8
Online ISBN: 978-3-540-25952-7
eBook Packages: Springer Book Archive