ContactPerson: rc27@cse.buffalo.edu Remote host: dhcp196-128.openport.buffalo.edu ### Begin Citation ### Do not delete this line ### %R 2004-16 %U /tmp/insider.pdf %A Chinchani, Ramkumar %A Iyer, Anusha %A Ngo Q., Hung %A Upadhyaya, Shambhu %T A Target-Centric Formal Model For Insider Threat And More %D October 12, 2004 %I Department of Computer Science and Engineering, SUNY Buffalo %K Computer Security, Threat Analysis, Insider Threat %Y Security, Algorithms %X The diversity of cyber threat has grown over time from network-level attacks and password-cracking to include newer classes such as insider attacks, email worms and social engineering, which are currently recognized as serious security problems. However, attack modeling and threat analy- sis tools have not evolved at the same rate. Known formal models such as attack graphs perform action-centric vulnerability modeling and analysis. All possible atomic user actions are represented as states, and sequences which lead to the violation of a specified safety property are extracted to indicate possible exploits. While attack graphs are relevant in the context of network level attacks, they are ill-equipped to address complex threats such as insider attacks. The difficulty mainly lies in the fact that adversaries belonging to this threat class use familiarity of and accessibility to their computational environment to discover new ways of launching stealthy, damaging attacks. In this paper, we propose a new target-centric model to address this class of security problems and explain the modeling methodology with specific examples. Finally, we perform quantified vulnerability analyses and prove worst case complexity results on our model.