Insider threat mitigation: Preventing unauthorized knowledge acquisition

This paper investigates insider threat in relational database systems. It discusses the problem of inferring unauthorized information by insiders and proposes methods to prevent such threats. The paper defines various types of dependencies as well as constraints on dependencies that may be used by insiders to infer unauthorized information. It introduces the constraint and dependency graph (CDG) that represents dependencies and constraints. In addition, CDG shows the paths that insiders can follow to acquire unauthorized knowledge. Moreover, the paper presents the knowledge graph (KG) that demonstrates the knowledgebase of an insider and the amount of information that the insider has about data items. To predict and prevent insider threat, the paper defines and uses the threat prediction graph (TPG). A TPG shows the threat prediction value (TPV) of each data item in insiders' KG, where TPV is used to raise an alert when an insider threat occurs. The paper provides solutions to prevent insider threat without limiting the availability of data items. Algorithms, theorems, proofs and experiments are provided to show the soundness, the completeness and the effectiveness of the proposed approaches.