| Section | Page |
| --- | --- |
| The Insider Attack Problem Nature and Scope | p. 1 |
| Introduction | p. 1 |
| Types of Attack | p. 1 |
| Misuse of Access | p. 1 |
| Defense Bypass | p. 2 |
| Access Control Failure | p. 2 |
| Defend or Detect | p. 3 |
| The Role of Process | p. 4 |
| Conclusion | p. 4 |
| Reflections on the Insider Threat | p. 5 |
| Introduction | p. 5 |
| Who Is an Insider? | p. 6 |
| Motive | p. 6 |
| Effect | p. 7 |
| Defining the Insider Threat | p. 8 |
| Context | p. 8 |
| Insider Threat Issues | p. 9 |
| Data | p. 9 |
| Psychology | p. 10 |
| Monitoring and Privacy | p. 12 |
| Detecting Insider Attacks | p. 13 |
| Technology | p. 13 |
| Conclusions | p. 14 |
| Acknowledgments | p. 15 |
| The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures | p. 17 |
| Introduction | p. 19 |
| General Observations About Insider IT Sabotage | p. 20 |
| Model of the Insider IT Sabotage Problem | p. 24 |
| Insider Expectation Escalation | p. 25 |
| Escalation of Disgruntlement | p. 26 |
| Attack Setup and Concealment | p. 27 |
| The Trust Trap | p. 28 |
| Possible Leverage Points for Addressing the Problem | p. 29 |
| Early Mitigation Through Expectation Setting | p. 29 |
| Handling Disgruntlement Through Positive Intervention | p. 30 |
| Targeted Monitoring | p. 31 |
| Eliminating Unknown Access Paths | p. 32 |
| Measures Upon Demotion or Termination | p. 34 |
| A Workshop on Insider IT Sabotage | p. 35 |
| The Instructional Case | p. 36 |
| Conclusion | p. 39 |
| Value of Modeling for Insight | p. 40 |
| Related CERT Research | p. 41 |
| Acknowledgments | p. 43 |
| System Dynamics Background | p. 45 |
| The Insider IT Sabotage Training Case | p. 48 |
| Introduction | p. 48 |
| Background | p. 48 |
| The Final Weeks | p. 50 |
| Model of the Insider IT Sabotage Problem | p. 52 |
| Insider Sabotage Mitigating Measures | p. 52 |
| Data Theft: A Prototypical Insider Threat | p. 53 |
| Introduction | p. 53 |
| Data Theft | p. 53 |
| Data Leakage | p. 54 |
| Risk | p. 54 |
| Recommendations | p. 55 |
| Status Quo | p. 55 |
| History | p. 55 |
| Risks & Controls | p. 55 |
| Recommendations | p. 61 |
| Technical Controls | p. 61 |
| Administrative Controls | p. 64 |
| Areas for Further Research | p. 66 |
| Conclusions | p. 67 |
| Acknowledgments | p. 67 |
| A Survey of Insider Attack Detection Research | p. 69 |
| Introduction | p. 69 |
| Insider Attacks | p. 72 |
| Detecting Insider Attacks | p. 73 |
| Host-based User Profiling | p. 73 |
| Network-Based Sensors | p. 81 |
| Integrated Approaches | p. 82 |
| Summary | p. 83 |
| Future Research Directions | p. 85 |
| Conclusion | p. 87 |
| Naive Bayes as a Masquerade Detector: Addressing a Chronic Failure | p. 91 |
| Introduction | p. 91 |
| Related Work | p. 92 |
| Background on Naive Bayes | p. 94 |
| Objective and Approach | p. 94 |
| Experiment With Synthetic Data | p. 95 |
| Variable Selection | p. 95 |
| Synthetic Data | p. 97 |
| Experiment Control | p. 99 |
| Procedure | p. 99 |
| Results and Analysis | p. 100 |
| Naive Bayes Mathematical Formulation | p. 101 |
| Calculating the Anomaly Score | p. 101 |
| Manipulating the Anomaly Score | p. 103 |
| Effect of NBSCs | p. 105 |
| Exploiting NBSCs to Cloak Attacks | p. 106 |
| Naive Bayes Fortification | p. 107 |
| The Fortified Detector | p. 107 |
| Evaluation Methodology | p. 108 |
| Evaluation Results and Analysis | p. 109 |
| Discussion | p. 110 |
| Conclusion | p. 111 |
| Towards a Virtualization-enabled Framework for Information Traceability (VFIT) | p. 113 |
| Introduction | p. 114 |
| Threat Model and Requirements | p. 114 |
| Background | p. 116 |
| Models of Policy Enforcement | p. 116 |
| Hardware Virtualization | p. 117 |
| System Architecture | p. 117 |
| Platform Architecture | p. 118 |
| Network Architecture | p. 119 |
| Implementation | p. 120 |
| Virtualization-enabled Information Tracing | p. 121 |
| Analysis | p. 124 |
| Performance Discussion | p. 125 |
| Threat Mitigation | p. 126 |
| Related Work | p. 126 |
| Conclusion | p. 129 |
| Acknowledgments | p. 129 |
| Reconfigurable Tamper-resistant Hardware Support Against Insider Threats: The Trusted ILLIAC Approach | p. 133 |
| Introduction | p. 133 |
| Software-based Transparent Runtime Randomization | p. 135 |
| Tamper-resistant Key-store Support for Threshold Cryptography | p. 137 |
| Crypto-engine Architecture | p. 138 |
| Security Analysis | p. 139 |
| Information Flow Signature Checking for Data Integrity | p. 140 |
| Threat Model | p. 141 |
| Approach | p. 141 |
| Implementation | p. 143 |
| System Architecture Including the Trusted Computing Engine | p. 144 |
| Protecting Against Insider Attack With User-level Privileges: Runtime Guarantees | p. 146 |
| Protecting Against Insider Attack with Administrative Privileges: Initialization and Runtime Guarantees | p. 147 |
| Conclusions and Future Directions | p. 149 |
| Surviving Insider Attacks: A Call for System Experiments | p. 153 |
| Introduction | p. 153 |
| Principles for Survivability | p. 155 |
| Avoidance of a Single Point of Failure | p. 156 |
| Independence of Failure Modes and Attack Vulnerabilities | p. 157 |
| Fast Recovery from Failure and Attack | p. 158 |
| Attack Deterrence | p. 159 |
| Least Privilege Authorization | p. 160 |
| Cost Factors | p. 161 |
| Conclusion: A Call for Research and Development Experiments | p. 161 |
| Preventative Directions For Insider Threat Mitigation Via Access Control | p. 165 |
| Introduction | p. 165 |
| Definitions and Threat Model | p. 168 |
| The Insider | p. 168 |
| Types of Insiders | p. 169 |
| Damage of Insider Attacks | p. 169 |
| Threat Model | p. 170 |
| Background and Primitives | p. 171 |
| Authentication and Authorization | p. 171 |
| Access Control Principles | p. 172 |
| MAC, DAC, and Intermediate Schemes | p. 172 |
| Users and Groups | p. 173 |
| Roles and Role Engineering | p. 174 |
| Public Key Cryptography | p. 174 |
| Requirements | p. 175 |
| Functionality | p. 175 |
| Usability and Cost | p. 176 |
| Scale and Complexity | p. 178 |
| Domain Considerations | p. 179 |
| Tools | p. 181 |
| Passwords: Knowledge-Based Authentication | p. 181 |
| Biometrics: Physiology-Based Authentication | p. 182 |
| Tokens: Possession-Based Authentication | p. 183 |
| PKI: Authentication via Digital Certificates | p. 184 |
| Distributed Authentication and Identity Management | p. 185 |
| Distributed Authorization | p. 186 |
| Ongoing Challenges | p. 188 |
| A Snapshot of a Motion Picture | p. 189 |
| Privilege Issuance and Review | p. 189 |
| Auditing and Visualization | p. 190 |
| Role Drift and Escalation | p. 190 |
| Expressiveness and Need to Know | p. 191 |
| Incentives | p. 191 |
| Conclusions | p. 191 |
| Acknowledgments | p. 192 |
| Taking Stock and Looking Forward - An Outsider's Perspective on the Insider Threat | p. 195 |
| Introduction | p. 196 |
| What Is An "Insider Threat"? | p. 198 |
| How Does The Research Community Get Better Data? | p. 201 |
| Changing the Incentives that Organizations Face | p. 205 |
| Integrating Technical Solutions with Social Science Perspectives | p. 209 |
| Creating a Response and Recovery System for Insider Threats | p. 211 |
| Conclusion | p. 213 |
| Research Challenges for Fighting Insider Threat in the Financial Services Industry | p. 215 |
| Introduction | p. 215 |
| Employee Screening And Selection | p. 216 |
| Access Controls | p. 217 |
| Monitoring And Detection | p. 218 |
| Hard Problems and Research Challenges Concluding Remarks | p. 219 |
| Index | p. 223 |
Table of Contents provided by Ingram. All Rights Reserved.