Security policies to mitigate insider threat in the document control domain

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 304-313

  Pramanik, Suranjan ^a   Sankaranarayanan, Vidyaraman ^a   Upadhyaya, Shambhu ^a  

^a University at Buffalo ^*  (United States)

Author keywords

Access Control; Digital Documents; Information Flow; Insider Threat

Indexed keywords

ACCESS CONTROL; DIGITAL DOCUMENTS; INFORMATION FLOW; INSIDER THREAT;

DATA ACQUISITION; PERSONNEL; PUBLIC POLICY; SECURITY OF DATA;

CONTROL SYSTEMS;

EID: 21644453410     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2004.35     Document Type: Conference Paper

References (22)

1. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Communications of the ACM 17(7), July 1974.
2. http://www.microsoft.com/office/editions/prodinfo/technologies/irm.mspx
3. http://www.authentica.com/products/document_protection.asp
4. E. E. Schultz. A Framework for Understanding and Predicting Insider Attacks. Computers and Security 21(6), pages 526-531, 2002.
5. C. Bateman et al. A proposal for a Thread on the Insider Threat Problem Proposal. System Dynamics Modeling for Information Security: A Group Modeling Workshop, January, 2004.
6. th National Computer Security Conference, pages 296-304, October, 1989.
7. th National Computer Security Conference, pages 340-349, October, 1990.
8. F. Schneider. Enforceable security policies. ACM Transactions on Information and System Security 3(1), February, 2000.
9. L. Bauer, J. Ligatti, and D. Walker. More enforceable security policies. In Proceedings of the Workshop on Foundations of Computer Security (FCS'02), Copenhagen, Denmark, July 2002.
10. D. E. Bell and L. J. La Padula. Secure computer systems: Mathematical foundations and model. Technical Report M74-244, The MITRE Corporation, May 1973.
11. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206-214, Oakland, CA, May 1989.
12. D.F. Ferraiolo, D.R. Kühn, R. Chandramouli, Role Based Access Control, Artech House, 2003.
13. T. Ryutov and C. Neuman. The Specification and Enforcement of Advanced Security Policies. Policy 2002.
14. S. Godik, T. Moses, et al. extensible Access Control Markup Language (XACML) Version 1.0. OASIS standard, February, 2003.
15. M. Kudo and S. Hada. XML Document Security based on Provisional Authorization. In 7th ACM Conference on Computer and Communication Security (CCS 2000), November, 2000.
16. S. Jajodia, M. Kudo and V. S. Subramanian. Provisional Authorizations, In Gosh, A., editor, E-Commerce Security and Privacy, pages 133-159, 2001, Kluwer Academic Press, Boston.
17. M. Dacier and Y. Deswarte. The Privilege Graph: An Extension to the Typed Access Matrix Model. In European Symposium in Computer Security, 1994.
18. E. Bertino, P. A. Bonatti and E. Ferrari. TRBAC: A temporal role-based access control. ACM Transactions on Information and System Security, 4(3), pages 191-223, August, 2001.
19. M. Harrison, W. Ruzzo and J. Ullman. Protection in operating systems. CACM, pages 461-471,19(8), 1976.
20. R. Sandhu. The typed access matrix model. In IEEE Symposium on Security and Privacy, 1992.
21. th Annual Symposium on the Foundations of Computer Science, pages 33-41, October, 1976.
22. M. Bishop. Theft of information in the take-grant protection model. Journal of Computer Security, 3(4), pages 283-309, 1994/1995.