ABSTRACT

Organizations that process sensitive information must contend with the insider threat. Examples of sensitive information include proprietary, privacy, financial, or classified government information. The insider threat occurs when individuals authorized access to a system and its information willingly decide to violate policies by negatively impacting the confidentiality, integrity, or availability of the system or information. Modern operating systems contain a variety of security controls that include authentication, auditing, and access control list (ACL) mechanisms that can be used to hold individuals accountable and limit the possible damage that may occur.[1] Security controls are configured to support an organization’s security policy. Unfortunately, many applications do not provide a capability to extend the security policy to the user’s interface.[2] This situation provides an avenue for the malicious user surreptitiously to alter or remove sensitive information through normal interfaces provided by the system and its applications. Due to the lack of granular security policy enforcement on application interfaces, organizations rely on written policies, training, and especially trust to protect sensitive information.