Insider Threat Likelihood Assessment for Access Control Systems: Quantitative Approach

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10128)

Abstract

Organizations need to use flexible access control mechanisms where the access decisions to critical information assets are taken dynamically. In this paper, we present a framework for insider threat likelihood assessment within the context of access control systems. Our approach takes into account information flows, the trustworthiness of subjects, the sensitivity of objects and the security countermeasures. We identify and formally describe a set of properties to be satisfied within this approach. These properties are then used for quantitatively assessing the insider threat likelihood.



Acknowledgements

This research was partially supported by the Natural Sciences and Engineering Research Council of Canada.

Corresponding author

Correspondence to Sofiene Boulares.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Boulares, S., Adi, K., Logrippo, L. (2017). Insider Threat Likelihood Assessment for Access Control Systems: Quantitative Approach. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science, vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_9

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer Science (R0)
