Development of a Methodology for Customizing Insider Threat Auditing on a Linux Operating System

Abstract

Insider threats can pose a great risk to organizations and by their very nature are difficult to protect against. Auditing and system logging are capabilities present in most operating systems and can be used for detecting insider activity. However, current auditing methods are typically applied in a haphazard way, if at all, and are not conducive to contributing to an effective insider threat security policy. This research develops a methodology for designing a customized auditing and logging template for a Linux operating system. An intent-based insider threat risk assessment methodology is presented to create use case scenarios tailored to address an organization‟s specific security needs and priorities. These organization specific use cases are verified to be detectable via the Linux auditing and logging subsystems and the results are analyzed to create an effective auditing rule set and logging configuration for the detectable use cases. Results indicate that creating a customized auditing rule set and system logging configuration to detect insider threat activity is possible.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2010
Accession Number
ADA518467

Entities

People

  • William T. Bai

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force
  • Application Software
  • Computer Access Control
  • Computers
  • Cybersecurity
  • Information Security
  • Information Systems
  • Insider Threats
  • Intrusion Detection
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Security Personnel

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Systems Analysis and Design