Please paraphrase the below

Types of Insiders

Differences among users may involve physical presence and logical presence. For example, there may be logical insiders who operationally are physically outside, and physical insiders who are logically outside. For present purposes, we consider both logical and physical insiders.

Clearly there are different degrees of logical insiders, relative to the nature of the systems and networks involved, the extent to which authentication and authorization are enforced, and the exact environment in which a user is operating at the moment. A user in one operational domain may be an insider at one moment and an outsider otherwise, with respect to each of the various so-called contexts noted above.

For example, if a system supports multilevel security (or multilevel integrity [1]), or even some form of multilevel availability or multilevel survivability [12]), then the existence of compartments suggests that a user can be an insider in one com- partment but an outsider in another compartment, or an insider at Top Secret but an outsider with respect to all compartments. In that a user may operate at different lev- els and compartments at different times, the concept of insider is both temporal and spatial. In some sense, all users of a single-level Top-Secret system could be called insiders with respect to confidentiality, although they would appear to be outsiders relative to those others who were cleared into a particular Top Secret compartment. Similarly, a user could be an insider with respect to multilevel security and an out- sider with repect to multilevel integrity. Thus, everything is relative to the frame of reference - what the user is trusted to be able to do, what privileges are required, what data or programs are being referenced, and whether the user authentication is strong enough to ensure that user identities are not spoofed.

With respect to conventional operating systems, database management systems, and applications functioning as single-level systems (even if lumping multilevel in-

formation into a single level, typically called system high), there are typically ordi- nary insiders who have passed the login authentication requirements and have been granted certain limited access rights. In addition, there are special users who are authorized to act as a superuser or otherwise be allocated extra-powerful privileges. In contrast, Trusted Xenix [7]) was a system in which the superuser privileges were extensively partitioned, where no one user holds all of the privileges, and where the granted privileges are insufficient to gain possession of all other privileges. (The it- erative closure of static privileges augmented by privilege-changing privileges must also be considered whenever we consider what privileges are actually attainable by a given user or group of collaborating users.) In that rather ideal case, we might have no complete insiders, but many different types of relative insiders. Unfortunately, in the absence of meaningfully secure systems and fine-grained access controls that are properly defined, properly implemented, and properly administered, that ideal is still a fantasy.

Thus, we are confronted with a wide variety of insiders that is inherently mul- tidimensional. Here, we tend to consider insiders somewhat loosely, avoiding fine nuances among different kinds of insiders. We assume that relative to a particular computational framework, insiders are users who have been authenticated to oper- ate within that framework. However, where appropriate, we qualify that to include reference to the authorized privileges that may be specifically associated with a par- ticular instance of an authenticated user (such as a system administrator).