Sean Peisert

Home Page


Research Projects


Talks and Tutorials

Professional Service


Students & Postdocs




Photograph of me lecturing at the blackboard (credit: R. Benjamin Shapiro, 2002).

Upcoming events that I'm involved with:

NSPW 2017 (Oct. 2–4, 2017)

S&P 2018 (May 20–24, 2018)

CSET 2018 (Aug. 2018)

S&P 2019 (May 19–23, 2019)



Insider Threat

This project is looking at defining, analyzing, and seeking methods of ameliorating the insider threat. Whereas security has traditionally been defined with respect to a perimeter, using static and binary access control decisions, we assert that such a perimeter no longer exists and that traditional access control techniques inhibit authorized users from performing their job. We define the "insider threat" as a combination of (a) access to a particular resource, (b) knowledge of a particular resource, and/or (c) trust of an individual by a particular organization. Moreover, the insider threat is clearly also not binary, but a spectrum of "insiderness" based on the aforementioned qualities. In the past, we have sought to develop access control solutions that integrate this understanding in combination while also being informed by social science of how users may react most optimally to system access control and countermeasures. More recently, we have used a process modeling and analysis approach in the context of elections to evaluate insider threats.

Researchers involved at UC Davis:

Researchers previously involved:

  • Sophie Engle (UC Davis → University of San Francisco)
  • Deb Frincke (PNNL → DOD)
  • Carrie Gates (CA Labs → Dell)
  • Sean Whalen (I3P Fellow, UC Davis and LBNL → Columbia → Mt. Sinai School of Medicine → UCSF)

More information on our past insider threat work on Sophie Engle's page

No sponsors yet.

Publications resulting from this project:

"Insider Detection by Process Analysis"
Matt Bishop, Heather Conboy, Huong Phan, Borislava I. Simidchieva, George Avrunin, Lori Clarke, Lee Osterweil, and Sean Peisert,
Proceedings of the 2014 Workshop on Research for Insider Threat (WRIT), IEEE Computer Society Security and Privacy Workshops, San Jose, CA, May 18, 2014. [BibTeX] [DOI] [Authoritative] [CDL]

"Information Behaving Badly"
Julie Ard, Matt Bishop, Carrie Gates, and Michael Xin Sun
Proceedings of the 2013 New Security Paradigms Workshop (NSPW), pp. 107–118, Banff, Canada, September 2013.

"Turtles All the Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems"
Sean Peisert, Ed Talbot, and Matt Bishop,
Proceedings of the 2012 New Security Paradigms Workshop (NSPW), pp. 15–26, Bertinoro, Italy, September 19–21, 2012. [BibTeX] [DOI] [OA] [CDL]

"A Risk Management Approach to the 'Insider Threat'"
Matt Bishop, Sophie Engle, Deborah A. Frincke, Carrie Gates, Frank L. Greitzer, Sean Peisert, and Sean Whalen,
Insider Threats in Cyber Security, "Advances in Information Security" Series, pp. 115–138, Springer, Berlin, September 2010. [BibTeX] [DOI] [CDL]

A Policy-Based Vulnerability Analysis Framework,
Sophie Jean Engle,
Ph.D. Dissertation, Department of Computer Science, University of California, Davis, March 2010

"Case Studies of an Insider Framework"
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, and Carrie Gates,
Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Collaboration Systems and Technology Track, Cyber Security and Information Intelligence Research Minitrack, Waikoloa, HI, January 5–8, 2009. [BibTeX] [DOI] [CDL]

"We Have Met the Enemy and He is Us"
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, and Carrie Gates,
Proceedings of the 2008 New Security Paradigms Workshop (NSPW), pp. 1–11, Lake Tahoe, CA, September 22–25, 2008. [BibTeX] [DOI] [OA] [CDL]

The definitive versions of the papers posted on this page were first published in the venues indicated. In accordance with publisher copyright policies, these papers are pre-prints or post-prints, and are not the pubilsher's version.

Personal use of the material posted on this page is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the original publishers.

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Last modified: Monday, 02-Mar-2015 16:00:51 PST