Lecture 24: The Insider

Date: November 22, 2013
Homework due: Dec. 6 at 5:00pm

  1. What is an “insider”?
    1. Masquerader
    2. Traitor
    3. Notion of “perimeter”
  2. Types of insider attacks
    1. Misuse of access
    2. Bypassing defenses
    3. Access control failure
  3. Technological solutions: detection
    1. Policy languages (especially formal ones)
    2. Misuse and anomaly techniques
    3. Decoys
    4. Markers
    5. Data exfiltration prevention
    6. Access controls (especially Role-Based Access Control, RBAC)
    7. Trusted systems
  4. Human solutions: detection and prevention
    1. Policies: languages and hierarchies
    2. Monitoring
    3. Forensics
  5. Human solutions: predictive
    1. Taxonomies and their uses
    2. Attack-related symptoms and behaviors
    3. Semantic analysis
    4. Motivational analysis
  6. Legal considerations
  7. Response

Version of November 22, 2013 at 12:37PM