Towards a theory of insider threat assessment

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2005, Pages 108-117

  Chinchani, Ramkumar ^a   Iyer, Anusha ^a   Ngo, Hung Q ^a   Upadhyaya, Shambhu ^a  

^a UNIVERSITY AT BUFFALO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INSIDER THREAT ASSESSMENT;

COMPUTATIONAL METHODS; HUMAN COMPUTER INTERACTION; PROBLEM SOLVING; SECURITY SYSTEMS;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 27544447707     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DSN.2005.94     Document Type: Conference Paper

References (21)

1. 2004 E-Crime Watch Survey: Summary Of Findings. CERT/United States Secret Service/CSO, 2004. http://www.cert.org/archive/pdf/ 2004eCrimeWatchSuramary. pdf.
2. Insider Threat Study: Illicit Cyber Activity In The Banking And Finance Sector. CERT/United States Secret Service, August 2004. http://www. secretservice.gov/ntac/its_report_040820.pdf.
3. S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy. Proof Verification And The Hardness Of Approximation Problems. J. ACM, 45(3):501-555, 1998.
4. S. Arora and S. Safra. Probabilistic Checking Of Proofs: A New Characterization Of NP. J. ACM, 45(1):70-122, 1998.
5. R. Chinchani, D. Ha, A. Iyer, H. Q. Ngo, and S. Upadhyaya. On the hardness of approximating the Min-Hack problem. 2005. Technical Report 2005-05. Computer Science and Engineering, SUNY at Buffalo.
6. M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
7. M. Dacier and Y. Deswarte. Privilege graph: an extension to the typed access matrix model. In ESORICS, pages 319-334, 1994.
8. I. Dinur and S. Safra, On the Hardness of Approximating Label Cover. Electronic Colloquium on Computational Complexity (ECCC), 6(015), 1999.
9. U. Feige, S. Goldwasser, L. Lovász, S. Safra, and M. Szegedy. Interactive Proofs And The Hardness Of Approximating Cliques. J. ACM, 43(2):268-292, 1996.
10. M. R. Garey and D. S. Johnson. Computers and Intractability. W. H. Freeman and Co., San Francisco, Calif., 1979. A Guide To The Theory Of NP-Completeness, A Series of Books in the Mathematical Sciences.
11. J. Gorski and A. Wardzinski. Formalizing Fault Trees. Achievement and Assurance of Safety, pages 311-327, 1995.
12. J. Håstad. Some Recent Strong Inapproximability Results. In Algorithm theory - SWAT'98 (Stockholm), volume 1432 of Lecture Notes in Comput. Sci., pages 205-209. Springer, Berlin, 1998.
13. J. Håstad. Some Optimal Inapproximability Results. In STOC '97 (El Paso, TX), pages 1-10 (electronic). ACM, New York, 1999.
14. D. S. Hochbaum, editor. Approximation Algorithms for NP Hard Problems. PWS Publishing Company, Boston, MA, 1997.
15. S. Khanna, R. Motwani, M. Sudan, and U. Vazirani. On Syntactic Versus Computational Views Of Approximability. SIAM J. Comput., 28(1):164-191 (electronic), 1999.
16. C. Meadows. A Representation of Protocol Attacks for Risk Assessment. In R. N. Wright and P. G. Neumann, editors, DIMACS Series in Discrete Mathematics and Theoretical Computer Science: Network Threats, volume 38, December 1998.
17. R. Ortalo, Y. Dewarte, and M. Kaaniche. Experimenting With Quantitative Evaluation Tools For Monitoring Operation Security. IEEE Transactions on Software Engineering, 25(5):633-650, September/October 1999.
18. C. H. Papadimitriou and M. Yannakakis. Optimization, Approximation, And Complexity Classes. J. Comput. System Sci., 43(3):425-440, 1991.
19. C. Phillips and L. P. Swiler. A Graph-Based System For Network-Vulnerability Analysis. In Proceedings of 1998 New Security Paradigms Workshop, pages 71-79, Charlottesville, Virginia, 1998.
20. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing. Automated Generation and Analysis of Attack Graphs. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA., May 2002.
21. L. P. Swiler, C. Phillips, D. Ellis, and S. Chakerian. Computer-Attack Graph Generation Tool. In DARPA Information Survivability Conference and Exposition (DISCEX 11'01), volume 2, June 2001.