Where can an insider attack?

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4691 LNCS, Issue , 2007, Pages 127-142

  Probst, Christian W ^a   Hansen, René Rydhof ^b   Nielson, Flemming ^a  

^a TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

^b UNIVERSITY OF COPENHAGEN   (Denmark)

Author keywords

[No Author keywords available]

Indexed keywords

ENGINEERING RESEARCH; INFORMATION ANALYSIS; LAW ENFORCEMENT; PROBLEM SOLVING;

AUTOMATED TOOLS; INTELLIGENCE COMMUNITIES;

SECURITY OF DATA;

EID: 38149049950     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-75227-1_9     Document Type: Conference Paper

References (15)

1. Bishop, M.: The Insider Problem Revisited. In: Proc. of New Security Paradigms Workshop 2005, Lake Arrowhead, CA, USA, Septenber 2005. ACM Press, NewYork (2005)
2. Caruso, V.L.: Outsourcing information technology and the insider threat. Master's thesis, Air Force Inst. of Technology, Wright-Patterson Air Force Base, Ohio (2003)
3. CERT/US Secret Service: Insider threat study: Illicit cyber activity in the banking and finance sector (August 2004) available at www.cert.org/archive/ pdf/bankfin040820.pdf
4. Chinchani, R., Iyer, A., Ngo, H.Q., Upadhyaya, S.: Towards a theory of insider threat assessment. In: Proceedings of the 2005 International Conference on Dependable Systems and Networks, pp. 108-117. IEEE Computer Society Press, Los Alamitos (2005)
5. Dacier, M., Deswarte, Y.: Privilege graph: an extension to the typed access matrix model. In: Proceedings of the European Symposium On Research In Computer Security (1994)
6. Gollmann, D.: Insider Fraud. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols. LNCS, vol. 1550, pp. 213-219. Springer, Heidelberg (1999)
7. Gorski, J., Wardzinski, A.: Formalising fault trees. In: Redmill, F., Anderson, T. (eds.) Achievement and Assurance of Safety: Proceedings of the 3rd Safety-critical Systems Symposium, Brighton, pp. 311-328. Springer, Heidelberg (1995)
8. Hansen, R.R., Probst, C.W., Nielson, F.: Sandboxing in myKlaim. In: ARES'06. The First International Conference on Availability, Reliability and Security, Vienna, Austria, April 2006, IEEE Computer Society, Los Alamitos (2006)
9. Nicola, R.D., Ferrari, G., Pugliese, R.: KLAIM: a Kernel Language for Agents Interaction and Mobility. IEEE Transactions on Software Engineering 24(5), 315-330 (1998)
10. Nielson, H.R., Nielson, F.: Flow Logic: a multi-paradigmatic approach to static analysis. In: Mogensen, T.E., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, Springer, Heidelberg (2002)
11. Ortalo, R., Deswarte, Y., Kaâniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering 25(5), 633-650 (1999)
12. Patzakis, J.: New incident response best practices: Patch and proceed is no longer acceptable incident response procedure. White Paper, Guidance Software, Pasadena, CA (September 2003)
13. Anderson, R.H., Brackney, R.C.: Understanding the Insider Threat. RAND Corporation, Santa Monica, CA, U.S.A., March 2005 (2005)
14. Shaw, E.D., Ruby, K.G., Post, J.M.: The insider threat to information systems. Security Awareness Bulletin No. 2-98, Department of Defense Security Institute September 1998 (1998)
15. Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool (June 12, 2001)