Insider Threat Assessment: a Model-Based Methodology

Research Area: Uncategorized
Year: 2014
Type of Publication: Article
Keywords: security, insider threats, risk assessment, attack path
Authors: Nicola Nostro; Andrea Ceccarelli; Francesco Brancati; Andrea Bondavalli
Journal: SIGOPS Operating Systems Review (OSR) journal
Volume: 48
Number: 2
Pages: 3-12
Month: July
ISSN: 0163-5980
Security is a major challenge for today's companies, especially ICT companies that manage large-scale cyber-critical systems. Among the multitude of attacks and threats to which a system is potentially exposed are insider attackers, i.e., users with legitimate access who abuse or misuse their power, thus leading to unexpected security violations (e.g., acquiring and disseminating sensitive information). These attacks are very difficult to detect and mitigate because of the nature of the attackers, who are often company employees motivated by socio-economic reasons, and because the attackers operate within their granted restrictions. Consequently, insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state of the art, for insider threat assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likelihood and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As a case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.

Resilient Computing Lab, 2011
