Guest Editorial: Insider Threat Solutions - Moving from Concept to Reality

Authors

  • Jason R. C. Nurse
  • Elisa Bertino
Abstract

As society has embraced technology and systems to promote services, trade and ubiquitous communication, it has also inadvertently exposed itself to a plethora of security risks. One of the most significant of these risks is that of insider threat, where privileged insiders (be they employees or trusted third parties) within an enterprise intentionally or inadvertently cause harm to their organisations [1]. While the topic of insider threat has been examined and researched for decades [2, 3], the problem still persists, and some would even argue that it is becoming worse [4]. Could this be the result of a disconnect between approaches and solutions being researched and those that are (or can be) actually implemented? In this special issue, titled “Insider Threat Solutions: Moving from Concept to Reality”, we focus on novel systems to tackle insider threat which also provide a clear path for how they can be deployed in organisations. Our aim is to help bridge the gap between research concepts and the reality that businesses face day-to-day as they seek to prevent, detect and respond to insider attacks.

This special issue includes four papers that outline novel and practical approaches to addressing the insider threat challenge. They focus on various solution perspectives, from multi-policy access control systems to formal approaches for network security policy validation. These best papers are selected from articles submitted to, and presented in, the 8th International Workshop on Managing Insider Security Threats (MIST) [3], which was held in conjunction with the ACM SIGSAC Conference on Computer and Communications Security 2016 at the Hofburg Palace, Vienna, Austria, on October 24-28, 2016.

The first article, “Linear Time Algorithms to Restrict Insider Access using Multi-Policy Access Control Systems” [5], discusses an implementation of the Next Generation Access Control (NGAC) standard from the American National Standards Institute (ANSI). The main contributions of their research are: (a) being the first ever study to demonstrate the scalability of the NGAC multi-policy access control system; (b) the creation of a novel visualization approach to enable review of user object access on NGAC systems; and (c) the definition of linear time algorithms for performing access control decisions and review of user access rights.

In the second article, “Formalising Policies for Insider-threat Detection: A Tripwire Grammar” [6], the authors describe their recent research into how they intend to enhance anomaly detection systems by capturing actions of concern. They view concerning actions as something for which they can design and implement tripwires within a system. The aim, therefore, is to orchestrate these tripwires in conjunction with an anomaly detection system to better detect insider attacks. Overall, their work seeks to provide a single framework for unambiguously capturing tripwires, alongside a library of existing ones in use. Therefore, tripwires may be used to map experiences regardless of the heterogeneity of the security tools and practices deployed.

The third article, “Insider Threats and Auctions: Formalization, Mechanized Proof, and Code Generation” [7], applies machine-assisted formal methods to explore insider threats for auctions. The contributions of the paper are: (a) a formalization of the cocaine protocol using Isabelle’s inductive approach including the formalization and proof of the absence of the sweetheart deal and the impossibility of


Similar resources

Guest Editorial: Emerging Trends in Research for Insider Threat Detection

The insider threat is one of mankind’s most enduring security challenges. For as long as people have placed trust in one another, they have faced the risk of that trust being violated. Historically, consequences of insider attacks included compromised organizational security, financial loss, and risks to human health and safety. Prior to the information age, attacks mainly targeted tangible asset...


A Critical Reflection on the Threat from Human Insiders - Its Nature, Industry Perceptions, and Detection Approaches

Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to...


Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats, however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a ...


Assessing insider threats to information security using technical, behavioural and organisational measures

The UK government took a bruising in the headlines (Sep 2008) after a Home Office contractor lost a USB stick containing unencrypted data on all 84,000 prisoners in England and Wales. As a result, the Home Office terminated the £1.5 million contract with the management consultancy firm. The world woke up to the largest attempted bank fraud ever when the UK’s National HiTech Crime Unit foiled the world’s...


Towards an insider threat prediction specification language

Purpose: This concept paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure. Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of surve...



Journal title:
  • JoWUA

Volume 8  Issue 

Pages  -

Publication date 2017