Date of Graduation

12-2010

Document Type

Thesis

Degree Name

Bachelor of Science in Computer Engineering

Degree Level

Undergraduate

Department

Computer Science and Computer Engineering

Abstract

According to Silicon.com's CIO Insight - Beware the Insider Security Threat, insiders are bigger threats to corporate security than external threats such as denial of service attacks or malware. Statistics show that 70% of fraud is perpetrated by staff and that the main data security threat comes from poorly trained or disgruntled employees who are authorized to have access to data and file stores [4]. This research project focuses specifically on the problem of insider threat in relational database systems. The project involves simulating research conducted in Qussai Yaseen and Brajendra Panda's research paper, Predicting and Preventing Insider Threat in Relational Database Systems. The objective of this project is to develop the knowledgebase for an insider as they request access to attributes in transactions. The generated knowledge base for a given user or insider is then used to develop a Threat Prediction Graph that can be used to predict and prevent insider threat. Generating the knowledge graph and threat prediction graph, which will issue warnings if insiders have the ability to infer values of data items to which they do not have authorized access, provides an effective solution to the insider threat problem in relational database systems. Conducting this test across different relational database schemas gives an idea of how long it takes to obtain unauthorized knowledge of data items for various types of relational databases and reveals which areas are most susceptible to insider threat.

Share

COinS