Sean Peisert

Home Page

Publications

Research Projects

Talks and Tutorials

Professional Service

Teaching

Students & Postdocs

Bio

Links

My Life

Photograph of me lecturing at the blackboard (credit: R. Benjamin Shapiro, 2002).

Upcoming events that I'm involved with:

CLHS (Abstracts due Apr. 4, 2013)

NSPW 2013 (Papers due Apr. 5, 2013)

CSET 2013 (Papers due Apr. 25, 2013)

S&P 2013 (May 20–22, 2013)

  		 

Research

Insider Threat

This project is looking at defining, analyzing, and seeking methods of ameliorating the insider threat. Whereas security has traditionally been defined with respect to a perimeter, using static and binary access control decisions, we assert that such a perimeter no longer exists and that traditional access control techniques inhibit authorized users from performing their job. We define the "insider threat" as a combination of (a) access to a particular resource, (b) knowledge of a particular resource, and/or (c) trust of an individual by a particular organization. Moreover, the insider threat is clearly also not binary, but a spectrum of "insiderness" based on the aforementioned qualities. We seek to develop access control solutions that integrate this understanding in combination while also being informed by social science of how users may react most optimally to system access control and countermeasures.

Researchers involved:

Researchers previously involved:

  • Deb Frincke (PNNL → DOD)
  • Sean Whalen (I3P Fellow, UC Davis and LBNL → Columbia → Mt. Sinai School of Medicine)

More information on Sophie Engle's page

No sponsors yet.

Publications resulting from this project:

"Turtles All the Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems"
Sean Peisert, Ed Talbot, and Matt Bishop,
Proceedings of the 2012 New Security Paradigms Workshop (NSPW),
Bertinoro, Italy, September 19–21, 2012. [BibTeX]

"A Risk Management Approach to the 'Insider Threat'"
Matt Bishop, Sophie Engle, Deborah A. Frincke, Carrie Gates, Frank L. Greitzer, Sean Peisert, and Sean Whalen,
Insider Threats in Cyber Security,
"Advances in Information Security" Series, pp. 115–138,
Springer, Berlin, September 2010.

A Policy-Based Vulnerability Analysis Framework,
Sophie Jean Engle,
Ph.D. Dissertation, Department of Computer Science, University of California, Davis,
March 2010

"Case Studies of an Insider Framework"
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, and Carrie Gates,
Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Collaboration Systems and Technology Track, Cyber Security and Information Intelligence Research Minitrack,
Waikoloa, HI, January 5–8, 2009.

"We Have Met the Enemy and He is Us"
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, and Carrie Gates,
Proceedings of the 2008 New Security Paradigms Workshop (NSPW),
Lake Tahoe, CA, September 22–25, 2008.

The definitive versions of the papers posted on this page were first published in the venues indicated. In accordance with publisher copyright policies, these papers are pre-prints or post-prints, and are not the pubilsher's version.

Personal use of the material posted on this page is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the original publishers.

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Last modified: Tuesday, 11-Dec-2012 12:02:56 PST