Skip to main content
SpringerLink
Log in

Surviving Insider Attacks: A Call for System Experiments

  • Chapter
Insider Attack and Cyber Security

Part of the book series: Advances in Information Security ((ADIS,volume 39))

Abstract

The handling of insider attacks is a significant technical challenge as little assurance theory and design practice exists to guide the design of effective, credible countermeasures for large systems and applications. Much of the relevant theory has focused on insider attacks on individual security protocols and smallscale applications. In this position paper, we suggest that confidence in a system’s resilience to insider attacks can emerge by the application of well-accepted survivability principles and design methods. We caution, however, that different tradeoffs emerge in applying these principles to practical designs, thereby requiring a careful balance among the costs of countering insider attacks, recovery from attack, and attack deterrence, and between the fine granularity of access permissions and ability to administer these permissions is a safe manner. In view of the dearth of practical solutions for surviving insider attacks in any significant-size system, we suggest that experiments in applying well-accepted principles and design methods to critical subsystems (e.g., user authentication, DNS) are necessary to provide effective and quantifiable assurances.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. A. Avizienis and J.-C. Laprie, “Dependable Computing: From Concepts to Design Diversity,” Proceedings of the IEEE, vol. 74, no. 5, May 1986.

    Google Scholar 

  2. A. Avizienis, J.-C. Laprie, B. Rendell, and C. Landwehr, “Basic Concepts and Taxonomy of Dependable and Secure Computing,” IEEE Transactions on Dependable and Secure Computing, vol.1, no. 1, Jan-Mar 2004

    Google Scholar 

  3. R. Bobba, S.I. Gavrila, V.D. Gligor, H. Khurana, and R. Koleva, “Administering Access Control in Dynamic Coalitions,” Proc. of the 19th USENIX Large Installation System Administration Conference (LISA), San Diego, CA, December 2005.

    Google Scholar 

  4. D. Boneh and M. Franklin, “Efficinet Generation of Shared RSA Keys,” Journal of the ACM (JACM), Vol. 48, Issue 4, July 2001

    Google Scholar 

  5. D. D. Clark and D.R. Wilson, “Evolution of a Model for Computer Security,” in Report of the Invitational Workshop on Data Integrity, Z. Ruthberg and W.T. Polk (eds.) NIST Special Publication 500=168, Appendix A, September 1989.

    Google Scholar 

  6. V.D. Gligor, S. I. Gavrila and D. Ferraiolo, “On the Formal Definition of Separation-of-Duty Policies and their Composition,” IEEE Symposium on Security and Privacy, Oakland, California, May 1998, pp. 172-185.

    Google Scholar 

  7. J. Gray, “The Transaction Concept: Virtues and Limitations,” Proceedings of the VLDB, Cannes, France, 1981.

    Google Scholar 

  8. P. Gupta, V. Shmatikov. Key Confirmation and Adaptive Corruptions in the Protocol Security Logic,” Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis Seattle, August 15 - 16, 2006

    Google Scholar 

  9. M.S. Hecht, M.E. Carson, C.S. Chandersekaran, R.S. Chapman, L.J. Dotterer, V.D. Gligor, W.D. Jiang, A. Johri, G. L. Luckenbaugh, and N. Vasudevan, “Unix without the Superuser,” Proc. of the USENIX Conference, Phoenix, Arizona, June 1987, pp. 243-256.

    Google Scholar 

  10. J. Katz, R. Ostrovsky and M. Yung, “Efficient Password-Based Authenticated Key Exchange Using Human-Memorable Passwords,” Advanced in Cryptography - Eurocrypt 2001, Innsbruck, Austria, May 2001.

    Google Scholar 

  11. "Two-Server Password-Only Authenticated Key Exchange," J. Katz, P. MacKenzie, G.Taban, and V. Gligor, in Proccedings of Applied Cryptography and Network Security (ACNS), N.Y. 2005

    Google Scholar 

  12. H. Khurana, V.D. Gligor, and J. Linn, “Reasoning about Joint Administration of Access Policies for Coalition Resources,” Proc. of the IEEE International Conference for Distributed Computer Systems - ICDCS, Vienna, Austria, July 2002.

    Google Scholar 

  13. National Security Agency, “A Guide to Understanding Trusted Facility Management,” National Computer Security Center, NCSC-TG-015, Version 1, 1989.

    Google Scholar 

  14. National Security Agency, “A Guide to Understanding Audit in Trusted Systems,” National Computer Security Center, NCSC-TG-001, Version 1, 1988

    Google Scholar 

  15. P. G. Neumann, “Principled Assuredly Trustworthy Compusable Architectures,” DARPA Final Report, SRI Project P11459, December 28, 2004.

    Google Scholar 

  16. R. Reeder and R. Maxion, “User Interface Dependability through Goal-Error Prevention,” International Conference on Dependable Systems and Networks, Yokohama, Japan, June 2005.

    Google Scholar 

  17. J. H. Saltzer and M.D. Schroeder, “The Protection of Information in Computer Systems, “ Proccedings of the IEEE, vol. 63, no. 9, Sept. 1975.

    Google Scholar 

  18. R. T. Simon and M.E. Zurko, “Separation of Duty in Role-Based Environments,” Proceedings of the Computer Security Foundations Workshop, Rockport, Mass. June 1997.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carnegie Mellon University, USA

    Virgil D. Gligor

  2. Institute for Defense Analyses, 1801 N. Beauregard Street, Alexandria, VA 22311-1772, USA

    C. Sekar Chandersekaran

Authors
  1. Virgil D. Gligor
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. C. Sekar Chandersekaran
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Columbia University, 1214 Amsterdam Avenue MC 0401, New York, NY 10027-7003, USA

    Salvatore J. Stolfo , Steven M. Bellovin , Angelos D. Keromytis  & Shlomo Hershkop , ,  & 

  2. Department of Computer Science, Dartmouth College, Hanover, NH 03755-3510, USA, 6211 Sudikoff Laboratory

    Sean W. Smith  & Sara Sinclair  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Gligor, V.D., Chandersekaran, C.S. (2008). Surviving Insider Attacks: A Call for System Experiments. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds) Insider Attack and Cyber Security. Advances in Information Security, vol 39. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77322-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-77322-3_9

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-77321-6

  • Online ISBN: 978-0-387-77322-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation