SaTC: CORE: Small: An Attribute-based Insider Threat Mitigation Framework

SaTC：核心：小型：基于属性的内部威胁缓解框架

• 批准号: 2406038
• 负责人: Daniel Takabi
• 金额: $ 44.2万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2406038&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Attribute; based

Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment. This is because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization. The new mechanisms developed in this project will substantially enhance the state-of-the-art in securing enterprises including private and public sectors. It will improve an organization's preparedness to thwart these important threats, and will reduce the risk for the organizations to be negatively influenced by these threats and endure potentially negative economic and societal impacts. The project will involve both graduate and undergraduate students, contributing to a strengthened relationship between education and research. By getting involved in different aspects of the project, students will be trained in a critical area of national security, thereby enhancing their careers and contributing to their professional growth. The project develops novel analysis, design techniques, and toolkits to better protect an organization's critical assets from insider threat and unauthorized access. Access control systems are fundamental to mitigating insider threats and attribute-based access control (ABAC) has emerged as a promising model in recent years. This project develops a comprehensive framework based on ABAC that utilizes a combination of moving target defense (MTD) and deception techniques to address insider threat challenges. This is achieved through the development of several components in a systematic way. The first is a scientific foundation for defensive deception that includes deception modeling and planning, and an approach to generate consistent and affordable deception plans for insider threat prevention. The second utilizes moving target defense techniques to increase the cost and time burden on the insider to achieve an unauthorized access by proactively changing ABAC system configurations. The third one introduces the notion of honey elements in ABAC, and integrates them with active deception and moving target defense techniques. The framework will result in a significant improvement in the security of the large-scale enterprises so that proactive countermeasures for insider threats could be deployed with consideration of the system security requirements, and effectiveness of countermeasures. The proof-of-concept prototype will demonstrate the ability to monitor insider access and enforce corresponding authorization policies to mitigate insider threats.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

捍卫试图滥用计算机特权的恶意内部人士是信息安全部门面临的最关键问题之一。这是因为造成的损害可能是灾难性的。尽管内部人士的威胁是对研究界的兴趣增加，但在解决信息基础设施保护特定方面的主要挑战仍然存在。该项目旨在开发一种创新的，可证明的方法来减轻内幕对组织的威胁。该项目中开发的新机制将大大增强确保包括私营和公共部门在内的企业的最新机制。它将改善组织对挫败这些重要威胁的准备，并将降低组织对这些威胁产生负面影响并忍受潜在的负面经济和社会影响的风险。该项目将涉及研究生和本科生，从而有助于教育与研究之间的关系。通过参与该项目的不同方面，学生将在国家安全的关键领域接受培训，从而增强他们的职业并为他们的职业发展做出贡献。 该项目开发了新颖的分析，设计技术和工具包，以更好地保护组织的关键资产免受内幕威胁和未经授权的访问。访问控制系统是缓解内部人士威胁的基础，近年来已经成为一种有前途的模型。该项目开发了一个基于ABAC的综合框架，该框架利用了移动目标防御（MTD）和欺骗技术的结合来应对内部威胁挑战。这是通过以系统的方式开发多个组件来实现的。首先是防御性欺骗的科学基础，其中包括欺骗建模和计划，也是为预防内部威胁的一致且负担得起的欺骗计划而产生一致且负担得起的欺骗计划。第二种利用移动目标防御技术来增加内部人员的成本和时间负担，以通过主动更改ABAC系统配置来实现未经授权的访问。第三个引入了ABAC中蜂蜜元素的概念，并将其与主动欺骗和行动的目标防御技术融为一体。该框架将显着改善大型企业的安全性，因此可以考虑到系统安全要求以及对策的有效性，以实行内部威胁的主动对策。概念验证原型将证明能够监视内部访问权限并执行相应的授权政策以减轻内部威胁。该奖项反映了NSF的法定任务，并认为通过基金会的知识分子的智力优点和更广泛的影响来通过评估来获得支持。