20. – 25. Juli 2008, Dagstuhl-Seminar 08302

Countering Insider Threats


Matt Bishop (University of California – Davis, US)
Dieter Gollmann (TU Hamburg-Harburg, DE)
Jeffrey Hunker (Carnegie Mellon University, US)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Dagstuhl Seminar Proceedings DROPS
Dagstuhl's Impact: Dokumente verfügbar

Press Room


The “insider threat” or “insider problem” has received considerable attention, and is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an “insider” has information and capabilities not known to other, external attackers. However, the term “insider threat” is usually either not defined at all, or defined nebulously.

The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? It is noteworthy that, despite this imponderability, definitions of the insider threat still have some common elements. For example, a workshop report defined the problem as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. Elsewhere, that same report defined an insider as someone with access, privilege, or knowledge of information systems and services. Another report implicitly defined an insider as anyone operating inside the security perimeter—while already the assumption of only having a single security perimeter may be optimistic.

The goal of this Dagstuhl seminar was to bring together researchers and practitioners from different communities to discuss in a multi-national setting what the problems are we care about, what our response is, which factors influence the cost of dealing with insider threats and attacks, and so on. In a time where we barely understand which factors cause insider threats, and our solutions are scattered all over communities, areas, and instruments, this coordinated action between the involved communities seems to be needed more than ever.

This Dagstuhl seminar was, to our knowledge, the first European seminar focusing on insider threats bringing together US and European researchers and practitioners. The five days of the seminar allowed not only for a rich assortment of presentations, but even more importantly for extended discussions, both formal and informal, among the participants. We even had the opportunity for a structured exercise that challenged participants to define specific insider threats, develop the appropriate responses, and critique each others problem-solution formulation.

We would like to thank all participants of the seminar for making it a fruitful and inspiring event—and especially Dagstuhl’s wonderful staff, for their endless efforts, both before and during the seminar, to make the stay in Dagstuhl as successful as possible.

As stated above we believe that the week in Dagstuhl has been influential in heightening awareness among communities for activities and developments. During the seminar many participants expressed the wish for a community website to establish a central focal point, both for communication between communities, but also to the outside, governmental agencies, and companies. This web portal is currently under construction

Dagstuhl-Seminar Series


  • Modelling / Simulation
  • Security / Cryptography
  • Society / HCI


  • Insider Threat
  • Security Policies
  • Threat Modelling


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.