Developing an Insider Threat Model Using
Functional Decomposition
Jonathan W. Butts, Robert F. Mills, and Rusty O. Baldwin
Air Force Institute of Technology, Dayton OH 45433, USA
jonathan.butts@afit.edu
Abstract. Addressing the insider threat using a systematic and
formulated methodology is an inherently difficult process. This is because
the problem is typically viewed in an abstract manner and a sufficient
method for defining a way to categorically represent the threat has not
been developed. The solution requires a security model that clearly
identifies a process for classifying malicious insider activities. To be effective
the model must compartmentalize the threat and attack it consistently.
The purpose of this paper is to present a methodology for accurately
defining the malicious insider and describe a process for addressing the
threat in a systematic manner. Our model presents a definable taxonomy
of the malicious insider and demonstrates a method for decomposing the
abstract threat into a solvable and analyzable process.
1 Overview
The development of an insider threat model continues to be an elusive task. In
August, 2000 an insider threat workshop of leading security professionals met
to discuss the malicious insider and determined there is a specific need for a
well-defined taxonomy and a comprehensive insider threat model [1]. To date,
there has been little advancement by the security community in achieving these
requirements. It is the goal of our research to address these issues by effectively
defining the malicious insider and providing a model for determining the security
of a system against this threat.
There has been relatively little work done in developing a model that
encompasses the full spectrum of malicious insider activities. Previous work has focused
on certain aspects of the problem but has not led to a systematic method for
defining the characteristics of an attack. To mitigate the malicious insider, it is
necessary to have a comprehensive model that can be used to define the threat
in a consistent and collaborated manner.
The views expressed in this article are those of the authors and do not reflect the
official policy or position of the United States Air Force, Department of Defense, or
the U.S. Government.