Combating insider threat using behaviour based access control
Date
2013-11-13
Authors
Nderitu, Josephine W.
Abstract
Insider threat poses a great risk to financial institutions because insiders have
privileged and authentic access to corporate and customer data. Insiders are trusted
persons who have legitimate access, have knowledge of systems and their loopholes
and the skills to use them, and operate inside the security perimeter. This level of
access makes detection and prevention of malicious activities by insiders extremely
difficult. The financial services sector is especially affected by insider threat, as
indicated by the large number of frauds perpetrated by its own employees. Regulatory
requirements also oblige players in this industry to adequately protect customer
information by ensuring that access to it is on a need-to-know basis.
The problem, therefore, becomes how to separate suspicious behaviour from legitimate
behaviour. Most mechanisms currently employed rely on after-the-fact approaches that
come too late for mitigation. Access control mechanisms in use provide a more general
allocation of rights to individuals internally, giving them more access than they
really require. This thesis conducts descriptive research on the insider threat
amongst players in the financial services sector. It looks at how security
practitioners in the industry understand insider threats and at the mitigation
strategies currently in use.
User behaviours that can be considered in making access control decisions are then
identified and applied in developing an access control framework. The framework
uses a more fine-grained approach to make access control decisions in real time,
reducing the blanket access rights that allow users to access data they do not
necessarily need. This granularity promotes a more dynamic way of controlling access
and ensures that decisions to grant access to certain objects are evaluated at run
time using a number of well-defined rules that apply to the user's behaviour. Data
used to evaluate the framework shows that a more fine-grained approach to access
control is successful in better mitigating the insider threat.
Description
Submitted in partial fulfillment of the requirements for the Degree of Master of Science in
Information Technology
Keywords
Insider Threat, Behaviour Based Access Control