Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

TACKLING INSIDER THREATS USING RISK-AND-TRUST AWARE ACCESS CONTROL APPROACHES

Baracaldo, Nathalie (2016) TACKLING INSIDER THREATS USING RISK-AND-TRUST AWARE ACCESS CONTROL APPROACHES. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

[img]
Preview
PDF
Primary Text

Download (4MB)

Abstract

Insider Attacks are one of the most dangerous threats organizations face today. An insider attack occurs when a person authorized to perform certain actions in an organization decides to abuse the trust, and harm the organization by causing breaches in the confidentiality, integrity or availability of the organization’s assets. These attacks may negatively impact the reputation of the organization, its productivity, and may incur heavy losses in revenue and clients. Preventing insider attacks is a daunting task. Employees need legitimate access to effectively perform their jobs; however, at any point of time they may misuse their privileges accidentally or intentionally. Hence, it is necessary to develop a system capable of finding a middle ground where the necessary privileges are provided and insider threats are mitigated. In this dissertation, we address this critical issue.

We propose three adaptive risk-and-trust aware access control frameworks that aim at thwarting insider attacks by incorporating the behavior of users in the access control decision process. Our first framework is tailored towards general insider threat prevention in role-based access control systems. As part of this framework, we propose methodologies to specify risk-and-trust aware access control policies and a risk management approach that minimizes the risk exposure for each access request. Our second framework is designed to mitigate the risk of obligation-based systems which are difficult to manage and are particularly vulnerable to sabotage. As part of our obligation-based framework, we propose an insider-threat-resistant trust computation methodology. We emphasize the use of monitoring of obligation fulfillment patterns to determine some psychological precursors that have high predictive power with respect to potential insider threats. Our third framework is designed to take advantage of geo-social information to deter insider threats. We uncover some insider threats that arise when geo-social information is used to make access control decisions. Based on this analysis, we define an insider threat resilient access control approach to manage privileges that considers geo-social context. The models and methodologies presented in this dissertation can help a broad range of organizations in mitigating insider threats.


Share

Citation/Export:
Social Networking:
Share |

Details

Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators/Authors:
CreatorsEmailPitt UsernameORCID
Baracaldo, Nathalienab62@pitt.eduNAB620000-0001-9469-045X
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Thesis AdvisorJoshi, Jamesjjoshi@pitt.eduJJOSHI
Committee MemberKrishnamurthy, Prashantprashk@pitt.eduPRASHK
Committee MemberPalanisamy, Balajibpalan@pitt.eduBPALAN
Committee MemberLudwig, Heikohludwig@us.ibm.com
Date: 13 May 2016
Date Type: Publication
Defense Date: 7 January 2016
Approval Date: 13 May 2016
Submission Date: 16 February 2016
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 148
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: Insider threats, information security, risk, trust, access control systems
Date Deposited: 13 May 2016 18:03
Last Modified: 15 Nov 2016 14:31
URI: http://d-scholarship.pitt.edu/id/eprint/26802

Metrics

Monthly Views for the past 3 years

Plum Analytics


Actions (login required)

View Item View Item