Inside the Insider Threat

The insider problem is one of the most important problems in computer security, and indeed in all aspects of real-world security. Insiders have compromised many key societal systems and processes in domains such as government, finance, and even science. Many reports of insider attacks describe people trusted with access to sensitive information abusing that access to damage that information, compromise the privacy of that information, and collaborate with others (sometimes other insiders) to cause various kinds of failures, losses and serious harm. Indeed, the insider problem is also pernicious in the non-computer world; as the ancient Roman satirist Juvenal said, "Who will guard the guards themselves?" Any approaches therefore must have not only a technical aspect, but also a non-technical (social, political, legal, cultural, and so forth) approach. Insider attacks may be accidental or arise from conflicting policies that confuse the putative attacker. These unintentional insider attacks are as dangerous as deliberate insider attacks, but must be handled differently due to the lack of maliciousness. Understanding how to cope with unintentional insider attacks effectively is also a complex, difficult problem.

Analyzing and detecting insider threats involve both technical and non-technical approaches across many different disciplines, including human-oriented ones. This minitrack will solicit papers emphasizing this cross-cutting work as well as papers that present case studies and experiences in coping with insider attacks or preventing them.

Specific example topic areas include, but are by no means limited to:

• Approaches to detecting, preventing, and ameliorating insider threats
• Analyzing the effect of (potential or actual) insider attacks
• Data on the scope and effect of insider threats and/or attacks
• Minimizing the cost of preventative measures
• Examining the causes of insider attacks
• Multi-disciplinary approaches to the insider problem
• Measuring the effectiveness of remediation technologies and methodologies
• Insider threats and social media
• Case studies of insider threats and attacks, including unintentional attacks
• Human factors and the insider problem

More information on the mini-track chairs:

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, formal modeling of access control, and the insider problem. He is also interested in electronic voting, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He is active in information assurance education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

Dr. Kara Nance is Professor and Chair of the Computer Science Department at the University of Alaska Fairbanks and runs a computer security consulting firm. Her research interests include digital forensics, data systems, network dynamics, visualization, and computer security. She is the founder and director of the Advanced Systems Security Education, Research and Training (ASSERT) Center, which is a multidisciplinary center to address computer security issues and provides an isolated networked computer environment suitable for computer security education, research, and training that is used by institutions around the world. She serves on a Senior-Executive Advisory Board for the Office of the Director of National Intelligence and is a frequent speaker on cybersecurity as it relates to national security.

Bill Claycomb is a Senior Member of Technical Staff at Carnegie Mellon University’s Software Engineering Institute, where he is the Lead Research Scientist for the CERT Enterprise Threat and Vulnerability Management team. His primary research interests focus on insider threats, specifically prediction, detection, and mitigation. He also works across teams exploring cloud computing, incident response, systems modeling, and vulnerability analysis. Prior to joining SEI in 2011, Bill was a Member of Technical Staff at Sandia National Laboratories, in Albuquerque, New Mexico, where he focused on enterprise systems management and security research, including insider threats, malware detection, and data protection.