Preventative Directions For Insider Threat Mitigation Via Access Control

Advances in Information Security

Volumn 39, Issue , 2008, Pages 165-193

  Sinclair, Sara ^a   Smith, Sean W ^a  

^a Dartmouth Department of Computer Science_Dartmouth College   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84875548700     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-77322-3_10     Document Type: Article

References (25)

1. American Dental Association. "Insurance: Medicare and Medicaid," ADA Official Website. http://www.ada.org/public/manage/insurance/medicare.asp.
2. Anderson, R. E. "Matrix Redux," Business Horizons, Nov.-Dec. 1994, 6-10.
3. Blaze, M; Feigenbaum, J.; Ioannidis, J.; and Keromytis, A. "The Role of Trust Management in Distributed Systems." Secure Internet Programming. Springer-Verlag LNCS 1603, pp 185-210. 1999.
4. Blaze, M.; Feigenbaum, J.; and Lacy, J. "Decentralized Trust Management." Proceedings of the 1996 IEEE Symposium on Security and Privacy. pp. 164-173.
5. British Broadcasting Corporation. "Passwords Revealed by Sweet Deal." BBC News, UK Edition, April 20, 2004. http://news.bbc.co.uk/1/hi/technology/3639679.stm.
6. Burns, L. R. and Wholey, D. R. "Adoption and Abandonment of Matrix Management Programs: Effects on Organizational Characteristics and Inter-organizational Networks." Academy of Management Journal, Vol. 36, 1, 106-139.
7. Chadwick, D. "The PERMIS X.509 Role Based Privilege Management Infrastructure." 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). 2002.
8. Chadwick, D. 1994. Understanding X.500: The Directory. London: Chapman & Hall, Ltd.
9. Chadwick, D.; Otenko, A.; and Ball, E. "Role-Based Access Control with X.509 Attribute Certificates." IEEE Internet Computing. March-April 2003.
10. Department of Defense Trusted Computer System Evaluation Criteria. DoD 5200.28-STD. December 1985.
11. Donner, M.; Nochin, D.; Shasha, D.; and Walasek, W. "Algorithms and Experience in Increasing the Intelligibility and Hygiene of Access Control in Large Organizations." Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security. Kluwer, 2001
12. Ferrailio, D.F. and Kuhn, D.R. "Role Based Access Control." 15th National Computer Security Conference. 1992.
13. Ferrailio, D.F.; Kuhn, D.R.; and Chandramouli, R. 2007. Role-Based Access Control. Norwood, Massachusetts: Artech House Publishers.
14. Harrison, M.A.; Ruzzo, W.L.; and Ullmann, J.D. "Protection in Operating Systems." Communications of the ACM. 19(8): 461-470. 1976.
15. Housley, R.; Polk, W.; Ford, W.; and Solo, D. 2002 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Internet RFC 3280.
16. Lampson, B.W. "Protection." ACM Operating Systems Review. 8(1): 18-24. January 1974.
17. NIST. Role Based Access Control. http://csrc.nist.gov/rbac/
18. Neuman, B. C. and Ts'O, T. "Kerberos: An Authentication Service for Computer Networks." IEEE Communications,. 32(9):33-38. September 1994
19. Povey, D. "Optimistic Security: A New Access Control Paradigm." Proceedings of the 1999 New Security Paradigms Workshop. 40-45.
20. Richards, J.; Allen, R.; and Lowe-Norris, A. G. Active Directory, Third Edition. O'Reilly Media, January 2006.
21. Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L; and Youman, C.E. "Role-Based Access Control Models." IEEE Computer. 29(2): 38-47. 1996.
22. Sasse, M.A. "Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems." IEEE Security and Privacy. 5(3): 78-81. May/June 2007.
23. Smith, S. W. "Probing End-User IT Security Practices---via Homework." The Educause Quarterly. 24 (4): 68-71. November 2004.
24. Smith, S. W.; and Marchesini, J. 2008. The Craft of System Security. Indianapolis, Indiana: Addison Wesley Professional.
25. Weeks, S. "Understanding Trust Management Systems." Proceedings of the 2001 IEEE Symposium on Security and Privacy. pp. 94-105.