Inside the Insider Threat

Minitrack Description

The insider problem is one of the most important problems in computer security, and indeed in all aspects of real-world security. Insiders have compromised many key societal systems and processes in domains such as government, finance, and even science. Many reports of insider attacks describe people trusted with access to sensitive information abusing that access to damage that information, compromise the privacy of that information, and collaborate with others (sometimes other insiders) to cause various kinds of failures, losses and serious harm. Indeed, the insider problem is also pernicious in the non-computer world; as the ancient Roman satirist Juvenal said, "Who will guard the guards themselves?"

Any approaches therefore must have not only a technical aspect, but also a non-technical (social, political, legal, cultural, and so forth) approach. Insider attacks may be accidental or arise from conflicting policies that confuse the putative attacker. These unintentional insider attacks are as dangerous as deliberate insider attacks, but must be handled differently due to the lack of maliciousness. Understanding how to cope with unintentional insider attacks effectively is also a complex, difficult problem.

Analyzing and detecting insider threats involve both technical and non-technical approaches across many different disciplines, including human-oriented ones. This minitrack solicits papers emphasizing this cross- cutting work as well as papers that present case studies and experiences in coping with insider attacks or preventing them.

Minitrack topics include, but are not limited to:

• Approaches to detecting, preventing, and ameliorating insider threats
• Analyzing the effect of (potential or actual) insider attacks
• Data on the scope and effect of insider threats and/or attacks
• Minimizing the cost of preventative measures
• Examining the causes of insider attacks
• Multi-disciplinary approaches to the insider problem
• Measuring the effectiveness of remediation technologies and methodologies
• Insider threats and social media
• Case studies of insider threats and attacks, including unintentional attacks
• Human factors and the insider problem

More information on the mini-track chairs:

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, formal modeling of access control, and the insider problem. He is also interested in electronic voting, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He is active in information assurance education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

Dr. Kara Nance is Professor and Chair of the Computer Science Department at the University of Alaska Fairbanks and runs a computer security consulting firm. Her research interests include digital forensics, data systems, network dynamics, visualization, and computer security. She is the founder and director of the Advanced Systems Security Education, Research and Training (ASSERT) Center, which is a multidisciplinary center to address computer security issues and provides an isolated networked computer environment suitable for computer security education, research, and training that is used by institutions around the world. She serves on the Board of Directors for the Honeynet Project and is a frequent speaker on cybersecurity as it relates to national security.

Jason W. Clark, PhD, is a researcher at Carnegie Mellon University’s Software Engineering Institute (SEI). His main area of interests are cyber-security with a focus on insider threats, specifically prediction, detection, and mitigation. He completed his Ph.D in Information Technology from George Mason University, where he specialized in cyber-crime and anonymous searching of the Internet. Prior to joining the SEI in 2012, Jason worked at the Institute for Defense Analyses (IDA) as a lead information security analyst and from 2003-2007 at the United States Census Bureau writing and reviewing security documentation and policy. He also teaches part- time undergraduate courses at Northern Virginia Community College (NVCC) and Southern New Hampshire University (SNHU).