SaTC: CORE: Small: An Attribute-based Insider Threat Mitigation Framework

SaTC：核心：小型：基于属性的内部威胁缓解框架

• 批准号: 2406038
• 负责人: Daniel Takabi
• 金额: $ 44.2万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2406038&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Attribute; based

Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment. This is because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization. The new mechanisms developed in this project will substantially enhance the state-of-the-art in securing enterprises including private and public sectors. It will improve an organization's preparedness to thwart these important threats, and will reduce the risk for the organizations to be negatively influenced by these threats and endure potentially negative economic and societal impacts. The project will involve both graduate and undergraduate students, contributing to a strengthened relationship between education and research. By getting involved in different aspects of the project, students will be trained in a critical area of national security, thereby enhancing their careers and contributing to their professional growth. The project develops novel analysis, design techniques, and toolkits to better protect an organization's critical assets from insider threat and unauthorized access. Access control systems are fundamental to mitigating insider threats and attribute-based access control (ABAC) has emerged as a promising model in recent years. This project develops a comprehensive framework based on ABAC that utilizes a combination of moving target defense (MTD) and deception techniques to address insider threat challenges. This is achieved through the development of several components in a systematic way. The first is a scientific foundation for defensive deception that includes deception modeling and planning, and an approach to generate consistent and affordable deception plans for insider threat prevention. The second utilizes moving target defense techniques to increase the cost and time burden on the insider to achieve an unauthorized access by proactively changing ABAC system configurations. The third one introduces the notion of honey elements in ABAC, and integrates them with active deception and moving target defense techniques. The framework will result in a significant improvement in the security of the large-scale enterprises so that proactive countermeasures for insider threats could be deployed with consideration of the system security requirements, and effectiveness of countermeasures. The proof-of-concept prototype will demonstrate the ability to monitor insider access and enforce corresponding authorization policies to mitigate insider threats.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

防御企图滥用其计算机特权的恶意内部人员是信息安全部门面临的最关键问题之一。这是因为造成的损害可能是灾难性的。虽然研究界对内部威胁越来越感兴趣，但主要挑战仍然是解决信息基础设施保护的具体方面。该项目旨在开发一种创新的、可演示的方法来减轻组织的内部威胁。在这个项目中建立的新机制将大大提高保障包括私营和公共部门在内的企业安全的最先进水平。它将提高组织的准备工作，以挫败这些重要的威胁，并将减少组织受到这些威胁的负面影响和承受潜在的负面经济和社会影响的风险。该项目将涉及研究生和本科生，有助于加强教育和研究之间的关系。通过参与项目的不同方面，学生将在国家安全的关键领域接受培训，从而提升他们的职业生涯并为他们的专业成长做出贡献。该项目开发了新颖的分析、设计技术和工具包，以更好地保护组织的关键资产免受内部威胁和未经授权的访问。访问控制系统是缓解内部威胁的基础，基于属性的访问控制（ABAC）近年来成为一种很有前途的模式。该项目开发了一个基于ABAC的综合框架，利用移动目标防御（MTD）和欺骗技术的组合来解决内部威胁挑战。这是通过以系统的方式开发几个组件来实现的。首先是防御性欺骗的科学基础，包括欺骗建模和计划，以及为内部威胁预防生成一致且负担得起的欺骗计划的方法。第二种方法利用移动目标防御技术，通过主动更改ABAC系统配置，增加内部人员的成本和时间负担，从而实现未经授权的访问。第三部分介绍了ABAC中蜂蜜元素的概念，并将其与主动欺骗和移动目标防御技术相结合。该框架将显著改善大型企业的安全性，从而可以在考虑系统安全需求和对策有效性的情况下部署针对内部威胁的主动对策。概念验证原型将展示监控内部访问和执行相应授权策略以减轻内部威胁的能力。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。