20. – 25. Juli 2008, Dagstuhl Seminar 08302
Countering Insider Threats
Matt Bishop (University of California – Davis, US)
Dieter Gollmann (TU Hamburg-Harburg, DE)
Jeffrey Hunker (Carnegie Mellon University, US)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)
Auskunft zu diesem Dagstuhl Seminar erteilt
Press Room (German only)
Wie erkennt man untreue Mitarbeiter
Interview Wolfgang Back vom Computerclub Zwei mit Prof. Dr. Christian W. Probst, Technische Universität Dänemark, Folge 124, 01.09.2008
- Download der Sendung 124, 32 Kbit/s (~7 MB)
Art exhibition opens on Tuesday July 22
The “insider threat” or “insider problem” has received considerable attention, and is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an “insider” has information and capabilities not known to other, external attackers. However, the term “insider threat” is usually either not defined at all, or defined nebulously.
The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? It is noteworthy that, despite this imponderability, definitions of the insider threat still have some common elements. For example, a workshop report defined the problem as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. Elsewhere, that same report defined an insider as someone with access, privilege, or knowledge of information systems and services. Another report implicitly defined an insider as anyone operating inside the security perimeter—while already the assumption of only having a single security perimeter may be optimistic.
The goal of this Dagstuhl seminar was to bring together researchers and practitioners from different communities to discuss in a multi-national setting what the problems are we care about, what our response is, which factors influence the cost of dealing with insider threats and attacks, and so on. In a time where we barely understand which factors cause insider threats, and our solutions are scattered all over communities, areas, and instruments, this coordinated action between the involved communities seems to be needed more than ever.
This Dagstuhl seminar was, to our knowledge, the first European seminar focusing on insider threats bringing together US and European researchers and practitioners. The five days of the seminar allowed not only for a rich assortment of presentations, but even more importantly for extended discussions, both formal and informal, among the participants. We even had the opportunity for a structured exercise that challenged participants to define specific insider threats, develop the appropriate responses, and critique each others problem-solution formulation.
We would like to thank all participants of the seminar for making it a fruitful and inspiring event—and especially Dagstuhl’s wonderful staff, for their endless efforts, both before and during the seminar, to make the stay in Dagstuhl as successful as possible.
As stated above we believe that the week in Dagstuhl has been influential in heightening awareness among communities for activities and developments. During the seminar many participants expressed the wish for a community website to establish a central focal point, both for communication between communities, but also to the outside, governmental agencies, and companies. This web portal is currently under construction
Dagstuhl Seminar Series
- 12501: "Organizational Processes for Supporting Sustainable Security" (2012)
- 10341: "Insider Threats: Strategies for Prevention, Mitigation, and Response" (2010)
- Modelling / Simulation
- Security / Cryptography
- Society / HCI
- Insider Threat
- Security Policies
- Threat Modelling