Composite Role-Based Monitoring (CRBM) for Countering Insider Threats

  • Joon S. Park
  • Shuyuan Mary Ho
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3073)


Through their misuse of authorized privileges, insiders have caused great damage and loss to corporate internal information assets, especially within the Intelligence Community (IC). Intelligence management has faced increasing complexities of delegation and granular protection as more corporate entities have worked together in a dynamic collaborative environment. We have been confronted by the issue of how to share and simultaneously guard information assets from one another. Although many existing security approaches help to counter insiders’ unlawful behavior, it is still found at a preliminary level. Efficiently limiting internal resources to privileged insiders remains a challenge today. In this paper we introduce the CRBM (Composite Role-Based Monitoring) approach by extending the current role-based access control (RBAC) model to overcome its limitations in countering insider threats. CRBM not only inherits the RBAC’s advantages, such as scalable administration, least privilege, and separation of duties, but also provides scalable and reusable mechanisms to monitor insiders’ behavior in organizations, applications, and operating systems based on insiders’ current tasks.


Access Control Current Task Social Security Administration Organization Role Inside Threat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.H., Bozek, T., Longstaff, T., Meitzler, W., Skroch, M., Van Wyk, K.: Research on Mitigating the Insider Threat to Information Systems - #2. In: Proceedings of a Workshop Held (August 2000),
  2. 2.
    Benkoil, D.: An Unrepentant Spy: Jonathan Pollard Serving a Life Sentence., October 25 (1998)Google Scholar
  3. 3.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security (TISSEC) 4(3), 224–274 (2001)CrossRefGoogle Scholar
  4. 4.
    Hayden, M.V.: The Insider Threat to U. S. Government Information Systems. National Security Telecommunications and Information Systems Security Committee (NSTISSAM) INFOSEC 1-99 (July 1999),
  5. 5.
    Lamar Jr., J.V.: Two Not-So-Perfect Spies; Ronald Pelton is Convicted of Espionage as Jonathan Pollard Pleads Guilty. Time June 16 (1986)Google Scholar
  6. 6.
    Neumann, P.G.: Risks of Insiders. Communications of the ACM 42(12) (December 1999) ISSN: 0001-0782Google Scholar
  7. 7.
    Nguyen, N., Reiher, P., Kuenning, G.H.: Detecting Insider Threats by Monitoring System Call Activity. In: Proceedings of the IEEE Workshop on Information Assurance, West Point, NY (June 2001)Google Scholar
  8. 8.
    Park, J.S., Costello, K.P., Neven, T.M., Diosomito, J.A.: A Composite RBAC Approach for Large, Complex Organizations. In: 9th ACM Symposium on Access Control Models and Technologies (SACMAT), Yorktown Heights, New York, June 2-4 (2004)Google Scholar
  9. 9.
    Park, J.S., Sandhu, R., Ghanta, S.: RBAC on the Web by Secure Cookies. In: 13th IFIP WG 11.3 Working Conference on Database Security, Seattle, Washington, July 26-28 (1999)Google Scholar
  10. 10.
    Park, J.S., Sandhu, R.: Secure Cookies on the Web. IEEE Internet Computing (July-August 2000)Google Scholar
  11. 11.
    Park, J.S., Sandhu, R., Ahn, G.-J.: Role-Based Access Control on the Web. ACM Transactions on Information and System Security (TISSEC) 4(1) (February 2001)Google Scholar
  12. 12.
    Power, R.: CSI/FBI Computer Crime and Security Survey. Computer Security Issues & Trends (2002)Google Scholar
  13. 13.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.l., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2) (February 1996)Google Scholar
  14. 14.
    Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for Role Based Access Control: Towards A unified standard. In: Proceedings. Proceedings of the 5th ACM Workshop on Role Based Access Control, July 26-27 (2000)Google Scholar
  15. 15.
    Spitzner, L.: Honeypots: Catching the Insider Threat. In: Proceedings of the 19th Annual-Computer Security Applications Conference (2003)Google Scholar
  16. 16.
    Thomas, R.K., Sandhu, R.: Conceptual Foundations for a Model of Task-based Authorizations. In: Proceedings of the IEEE Computer Security Foundations Workshop (CSFW), Franconia, New Hampshire (June 1994)Google Scholar
  17. 17.
    Quigley, A.: Inside Job. netWorker 6(1), 20–24 (2002) ISSN: 1091-3556.CrossRefGoogle Scholar
  18. 18.
    Vetter, B.: An Experimental Study of Insider Attacks for OSPF Routing Protocol. In: IEEE International Conference on Network Protocols, October 1997, pp. 293–300 (1997)Google Scholar
  19. 19.
    Whitman, M.E.: Enemy at the Gate: Threats to Information Security. Communications of the ACM 46(8) (August 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Joon S. Park
    • 1
  • Shuyuan Mary Ho
    • 1
  1. 1.School of Information Studies Center for Science and TechnologySyracuse UniversitySyracuse

Personalised recommendations