Composite Role-Based Monitoring (CRBM) for countering insider threats

Joon S. Park, Shuyuan Mary Ho

Research output: Contribution to journalArticle

14 Scopus citations


Through their misuse of authorized privileges, insiders have caused great damage and loss to corporate internal information assets, especially within the Intelligence Community (IC). Intelligence management has faced increasing complexities of delegation and granular protection as more corporate entities have worked together in a dynamic collaborative environment. We have been confronted by the issue of how to share and simultaneously guard information assets from one another. Although many existing security approaches help to counter insiders' unlawful behavior, it is still found at a preliminary level. Efficiently limiting internal resources to privileged insiders remains a challenge today. In this paper we introduce the CRBM (Composite Role-Based Monitoring) approach by extending the current role-based access control (RBAC) model to overcome its limitations in countering insider threats. CRBM not only inherits the RBAC's advantages, such as scalable administration, least privilege, and separation of duties, but also provides scalable and reusable mechanisms to monitor insiders' behavior in organizations, applications, and operating systems based on insiders' current tasks.

Original languageEnglish (US)
Pages (from-to)201-213
Number of pages13
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
StatePublished - Dec 1 2004

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Composite Role-Based Monitoring (CRBM) for countering insider threats'. Together they form a unique fingerprint.

  • Cite this