Composite Role-Based Monitoring (CRBM) for Countering Insider Threats

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3073)

Abstract

Through their misuse of authorized privileges, insiders have caused great damage and loss to corporate internal information assets, especially within the Intelligence Community (IC). Intelligence management has faced increasing complexities of delegation and granular protection as more corporate entities have worked together in a dynamic collaborative environment. We have been confronted by the issue of how to share and simultaneously guard information assets from one another. Although many existing security approaches help to counter insiders’ unlawful behavior, such countermeasures remain at a preliminary level. Efficiently limiting internal resources to privileged insiders remains a challenge today. In this paper we introduce the CRBM (Composite Role-Based Monitoring) approach by extending the current role-based access control (RBAC) model to overcome its limitations in countering insider threats. CRBM not only inherits RBAC’s advantages, such as scalable administration, least privilege, and separation of duties, but also provides scalable and reusable mechanisms to monitor insiders’ behavior in organizations, applications, and operating systems based on insiders’ current tasks.

This work was supported by the “Information Assurance for the Intelligence Community (IAIC)” program of the Advanced Research and Development Activity (ARDA).

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, J.S., Ho, S.M. (2004). Composite Role-Based Monitoring (CRBM) for Countering Insider Threats. In: Chen, H., Moore, R., Zeng, D.D., Leavitt, J. (eds) Intelligence and Security Informatics. ISI 2004. Lecture Notes in Computer Science, vol 3073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25952-7_15

  • DOI: https://doi.org/10.1007/978-3-540-25952-7_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22125-8

  • Online ISBN: 978-3-540-25952-7

  • eBook Packages: Springer Book Archive
