As the quantity of data collected, stored, and processed in information systems has grown, so too have insider threats. This type of threat is realized when authorized individuals misuse their privileges to violate privacy or security policies. Over the past several decades, various technologies have been introduced to mitigate the insider threat, which can be roughly partitioned into two categories: 1) prospective and 2) retrospective. Prospective technologies are designed to specify and manage a userĂ¢s rights, such that misuse can be detected and prevented before it transpires. Conversely, retrospective technologies permit users to invoke privileges aim, but investigate the legitimacy of such actions after the fact.
Despite the existence of such strategies, administrators need to answer several critical questions to put them into practice. First, given a specific circumstance, which type of strategy (i.e., prospective vs. retrospective) should be adopted? Second, given the type of strategy, which is the best approach to support it in an operational manner? Existing approaches addressing them neglect that the data captured by information systems may be able to inform the decision making. As such, the overarching goal of this dissertation is to investigate how best to answer these questions using data-driven approaches.
This dissertation makes three technical contributions. The first contribution is in the introduction of a novel approach to quantify tradeoffs for prospective and retrospective strategies, under which each strategy is translated into a classification model, whereby the misclassification costs for each model are compared to facilitate decision support. This dissertation then introduces several data-driven approaches to realize the strategies. The second contribution is for prospective strategies, with a specific focus on role-based access control (RBAC). This dissertation introduces an approach to evolve an existing RBAC based on evidence in an access log, which relies on a strategy to promote roles from candidates. The third contribution is for retrospective strategies, whereby this dissertation introduces an auditing framework that can leverage workflow information to facilitate misuse detection. These methods are empirically validated in three months of access log (million accesses) derived from a real-world information system.
| Identifer | oai:union.ndltd.org:VANDERBILT/oai:VANDERBILTETD:etd-03152016-201532 |
| Date | 17 March 2016 |
| Creators | Zhang, Wen |
| Contributors | Carl Gunter, Jules White, Yuan Xue, Bradley Malin, Gautam Biswas |
| Publisher | VANDERBILT |
| Source Sets | Vanderbilt University Theses |
| Language | English |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | http://etd.library.vanderbilt.edu/available/etd-03152016-201532/ |
| Rights | unrestricted, I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Vanderbilt University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. |
Page generated in 0.0025 seconds