Skip to main content
Open Access Publications from the University of California

UC Davis

UC Davis Previously Published Works bannerUC Davis

We Have Met the Enemy and He Is Us


The insider threat has long been considered one of the most serious threats in computer security, and one of the most difficult to combat. But the problem has never been defined precisely, and that lack of precise definition inhibits solutions. This paper presents a precise definition of insider threat, and shows how the definition enables an analysis of the set of problems traditionally lumped into "the insider threat." It introduces a hierarchy of policy abstractions, and argues that the discrepancies between the different layers of abstraction expose the potential for insider threat. It also presents a methodology for analyzing the threat based upon our definitions. In the process, we introduce Attribute-Based Group Access Control, a generalization of the Role-Based Access Control model that allows any attributes to define a group. We apply this to the insider threat by defining groups based on access capabilities, and using that to identify users with a high level of threat with respect to high-risk resources.

Many UC-authored scholarly publications are freely available on this site because of the UC's open access policies. Let us know how this access is important for you.

Main Content
For improved accessibility of PDF content, download the file to your device.
Current View