Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment, because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization. The new mechanisms developed in this project will substantially enhance the state of the art in securing enterprises in both the private and public sectors. They will improve an organization's preparedness to thwart these important threats, and will reduce the risk that organizations are negatively affected by these threats and endure potentially negative economic and societal impacts. The project will involve both graduate and undergraduate students, contributing to a strengthened relationship between education and research. By getting involved in different aspects of the project, students will be trained in a critical area of national security, thereby enhancing their careers and contributing to their professional growth.
The project develops novel analysis, design techniques, and toolkits to better protect an organization's critical assets from insider threat and unauthorized access. Access control systems are fundamental to mitigating insider threats, and attribute-based access control (ABAC) has emerged as a promising model in recent years. This project develops a comprehensive framework based on ABAC that utilizes a combination of moving target defense (MTD) and deception techniques to address insider threat challenges. This is achieved through the systematic development of several components. The first is a scientific foundation for defensive deception that includes deception modeling and planning, and an approach to generate consistent and affordable deception plans for insider threat prevention. The second utilizes moving target defense techniques to increase the cost and time burden on the insider to achieve unauthorized access by proactively changing ABAC system configurations. The third introduces the notion of honey elements in ABAC, and integrates them with active deception and moving target defense techniques. The framework will result in a significant improvement in the security of large-scale enterprises, so that proactive countermeasures for insider threats can be deployed with consideration of the system security requirements and the effectiveness of the countermeasures. The proof-of-concept prototype will demonstrate the ability to monitor insider access and enforce corresponding authorization policies to mitigate insider threats.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.