Abstract:
This paper investigates insider threat in relational
database systems. It discusses the problem of inferring unauthorized
information by insiders and proposes methods to
prevent such threats. The paper defines various types of
dependencies as well as constraints on dependencies that
may be used by insiders to infer unauthorized information. It
introduces the constraint and dependency graph (CDG) that
represents dependencies and constraints. In addition, CDG
shows the paths that insiders can follow to acquire unauthorized
knowledge. Moreover, the paper presents the knowledge
graph (KG) that demonstrates the knowledgebase of an
insider and the amount of information that the insider has
about data items. To predict and prevent insider threat, the
paper defines and uses the threat prediction graph (TPG).
A TPG shows the threat prediction value (TPV) of each data
item in insiders' KG, where TPV is used to raise an alert
when an insider threat occurs. The paper provides solutions
to prevent insider threat without limiting the availability of
data items. Algorithms, theorems, proofs and experiments
are provided to show the soundness, the completeness and
the effectiveness of the proposed approaches.