SaTC: CORE: Small: An Attribute-based Insider Threat Mitigation Framework

SaTC：核心：小型：基于属性的内部威胁缓解框架

• 批准号: 2406038
• 负责人: Daniel Takabi
• 金额: $ 44.2万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2406038&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Attribute; based

Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment. This is because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization. The new mechanisms developed in this project will substantially enhance the state-of-the-art in securing enterprises including private and public sectors. It will improve an organization's preparedness to thwart these important threats, and will reduce the risk for the organizations to be negatively influenced by these threats and endure potentially negative economic and societal impacts. The project will involve both graduate and undergraduate students, contributing to a strengthened relationship between education and research. By getting involved in different aspects of the project, students will be trained in a critical area of national security, thereby enhancing their careers and contributing to their professional growth. The project develops novel analysis, design techniques, and toolkits to better protect an organization's critical assets from insider threat and unauthorized access. Access control systems are fundamental to mitigating insider threats and attribute-based access control (ABAC) has emerged as a promising model in recent years. This project develops a comprehensive framework based on ABAC that utilizes a combination of moving target defense (MTD) and deception techniques to address insider threat challenges. This is achieved through the development of several components in a systematic way. The first is a scientific foundation for defensive deception that includes deception modeling and planning, and an approach to generate consistent and affordable deception plans for insider threat prevention. The second utilizes moving target defense techniques to increase the cost and time burden on the insider to achieve an unauthorized access by proactively changing ABAC system configurations. The third one introduces the notion of honey elements in ABAC, and integrates them with active deception and moving target defense techniques. The framework will result in a significant improvement in the security of the large-scale enterprises so that proactive countermeasures for insider threats could be deployed with consideration of the system security requirements, and effectiveness of countermeasures. The proof-of-concept prototype will demonstrate the ability to monitor insider access and enforce corresponding authorization policies to mitigate insider threats.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

防御恶意内部人员试图滥用其计算机权限是信息安全领域面临的最关键问题之一。这是因为所造成的损害可能是灾难性的。虽然研究界对内部威胁越来越感兴趣，但在解决信息基础设施保护的具体方面仍然存在重大挑战。该项目旨在开发一种创新的、可论证的方法，以减轻组织面临的内部威胁。该项目中开发的新机制将大大提高包括私营和公共部门在内的企业安全保障的最新水平。它将提高组织抵御这些重要威胁的准备程度，并降低组织受到这些威胁负面影响和承受潜在负面经济和社会影响的风险。该项目将涉及研究生和本科生，有助于加强教育和研究之间的关系。通过参与该项目的不同方面，学生将在国家安全的一个关键领域接受培训，从而提高他们的职业生涯，并为他们的专业成长做出贡献。 该项目开发了新颖的分析、设计技术和工具包，以更好地保护组织的关键资产免受内部威胁和未经授权的访问。访问控制系统是缓解内部威胁的基础，基于属性的访问控制（ABAC）近年来已成为一种有前途的模型。该项目开发了一个基于ABAC的综合框架，利用移动目标防御（MTD）和欺骗技术的组合来解决内部威胁的挑战。这是通过系统地开发几个组件来实现的。第一个是防御性欺骗的科学基础，包括欺骗建模和规划，以及为内部威胁预防生成一致且负担得起的欺骗计划的方法。第二种是利用移动目标防御技术，通过主动改变ABAC系统配置来增加内部人员的成本和时间负担，以实现未经授权的访问。第三章介绍了ABAC中蜂蜜元素的概念，并将其与主动欺骗和移动目标防御技术相结合。该框架将导致在大型企业的安全性的显着改善，使内部威胁的主动对策，可以部署考虑系统的安全需求，和对策的有效性。概念验证原型将展示监控内部访问和执行相应授权策略以减轻内部威胁的能力。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。