Insider Threat Assessment: A Theory for Understanding and Analyzing Attacks

1. Towards A Theory Of Insider Threat AssessmentAuthors: Ramkumar Chinchani, Anusha Iyer Hung Q Ngo, Shambhu UpadhyayaInternational Conference on Dependable Systems and Networks2005 (DSN 2005), pp. 108 - 117, 2005 Present by : Zhongxia Ma Department of Computer Science University of Auckland

2. Summary • Gives readers some background information about insider threat • Introduces the authors’ model(key challenge graph) • Uses key challenge graph to simulate the insider threat • Analyses the possible insider attack strategies • Compares and contrasts the key challenge graph with other relevant models

3. Appreciative CommentPaper gives enough background information about insider threat • Explains what insider threats are, what damages the insider threats can cause, and why detect insider threats is hard. • Readers get a very clear idea of what the paper is going to talk about. • Readers also get some basic knowledge about insider threats. • The words like “FBI/CSI” also attract readers’ attention.

4. Appreciative CommentThe key challenge graph model is good • Easy to understand, easy to remember • Widely used (simulate social engineering attacks) • Compare with other relevant models, the key challenge graph is batter for the insider threat problem key Key Middle vertex key Start vertex Target vertex Key challenge

5. Critical CommentMisleading terminology • Key (here means information on a vertex not the cryptographic key) • Key challenge, a authorization process. (key means an cryptographic key ) • The key to thekeychallenge key key challenge Key Middle vertex key Start vertex Target vertex

6. Question? • If a student plan to hack into Clark's computer to change his grade from a lab computer, do you think he can success? key Key Middle vertex key Start vertex Target vertex Key challenge