Insider threat likelihood assessment for flexible access control

Abstract

Users who request to access protected objects must obtain the authorization of access control systems. Among the elements of decision for such systems should be the risk of authorizing accesses under various assumptions, and one of the notions of risk is threat likelihood. Access control systems deals essentially with insider threats coming from people within the organization, such as employees, business associates or contractors, who could violate access control policies. We present in this paper a new approach for insider threat likelihood assessment for secrecy and integrity properties by considering reading and writing operations within the context of access control systems. Access operations, the trustworthiness of subjects, the sensitivity of objects, and the applied security countermeasures are all considered in the assessment of the likelihood of this category of insider threats. Both qualitative and quantitative assessments are provided. Hence our approach makes it possible to compare and calculate the likelihoods of these insider threats, leading to more flexible and more informed access control decisions in various situations.