ABSTRACT
Organizations that process sensitive information must contend
with the insider threat. Examples of sensitive information
include proprietary, privacy, financial, or classified
government information. The insider threat occurs when
individuals who are authorized to access a system and its
information willingly decide to violate policies by negatively
impacting the confidentiality, integrity, or availability of the
system or information. Modern operating systems contain
a variety of security controls that include authentication,
auditing, and access control list (ACL) mechanisms that
can be used to hold individuals accountable and limit the
possible damage that may occur.[1] Security controls are
configured to support an organization’s security policy.
Unfortunately, many applications do not provide a capability
to extend the security policy to the user’s interface.[2]
This situation provides an avenue for the malicious user
to surreptitiously alter or remove sensitive
information through normal interfaces provided by the
system and its applications. Due to the lack of granular
security policy enforcement on application interfaces,
organizations rely on written policies, training, and
especially trust to protect sensitive information.