Abstract
Insider threat is considered a serious issue in all organizations. Sophisticated insiders can override threat prevention tools and carry out their attacks with new techniques. One such technique, which remains an advantage for insiders attacking a database, is exploiting the dependency relationships among data items. This paper investigates the ways in which an authorized insider detects dependencies in order to perform malicious write operations. The paper introduces a new term, 'threshold', which defines the constraints and limits a write operation could take. With threshold as the key factor, the paper proposes two different attack prevention systems that use log and dependency graphs to aid in monitoring malicious activities and ultimately secure the data items in a database. Our proposed systems continuously monitor all the data items to prevent malicious operations, but the priority is to secure the most sensitive data items first, since any damage to them can hinder the functions of critical applications that use the database. By prioritizing the data items, the delay of the system is reduced in addition to mitigating insider threats arising from write operations.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ragavan, H., Panda, B. (2011). Mitigation of Malicious Modifications by Insiders in Databases. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_23
DOI: https://doi.org/10.1007/978-3-642-25560-1_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25559-5
Online ISBN: 978-3-642-25560-1
eBook Packages: Computer Science (R0)