Mitigating Insider Threat without Limiting the Availability in Concurrent Undeclared Tasks

Abstract

Insider threat is a critical problem due to the immense harm that it poses to organizations. This paper investigates this problem in relational database systems. Generally, defending systems against insider threat may require rejecting insiders' requests to access some data items. The paper focuses on preventing unauthorized knowledge acquisition by insiders in concurrent undeclared tasks, where a task is executed as one operation at a time instead of a batch of operations, without affecting the availability of data items. It proposes approaches to predict the complete operations of undeclared tasks, and then, to organize the operations in a safe sequence that prevents the possible threat of insiders without rejecting any request. Theorems, proofs and simulations are provided to show the effectiveness of the proposed approaches.