Handling Insider Threats using Self-Adaptive Authorization

Insider threat is an ever-growing concern for governments and private organizations, as evident in recent high profile cases covered in the media. Our research aims to provide an automatic means to handling insider threat, by identifying anomalies in trusted user behaviour, and responding to insider threats by adapting a user's ability to access. For example, restricting a malicious user's access to critical resources.

Our particular focus is the design of the Self-Adaptive Authorization Framework (SAAF). The SAAF framework lays down the foundations for adaptive authorization, whereby authorization infrastructures are capable of responding to anomalies synonymous to insider threat, with the intent of preventing the continuation of an identified threat.

A prototype implementation of SAAF has been deployed as part of a federated authorization infrastructure, composed of an ABAC/XACML authorization service (PERMIS), SimpleSAML identity providers, and our SAAF autonomic controller. The SAAF autonomic controller implements a MAPE-K (Monitor, Analyse, Plan, Execute) feedback loop, which monitors the execution of a target authorization infrastructure, analyses for non-conventional operational states (that contain anomalous user behavior) and adapts authorization constraints to halt such anomalous behavior.

Try our demo! An ethical game of hacking through Snakes and Ladders

Further Information:

• Target Domain
• Conceptual Design
• Identifying Insider Threat
• Adaptation

Research by:

This research is a collaboration based at the University of Kent, Canterbury, UK.

• Dr. Christopher Bailey
  
• Dr. Rogério de Lemos

Publications

• Christopher Bailey, Lionel Montrieux, Rogerio de Lemos, Yijun Yu, and Michel Wermelinger. Run-Time Generation, Transformation, and Verification of Access Control Models for Self-Protection. In 9th International Symposium on Software Engineering for Adapt ive and Self-Managing System Available here
• Christopher Bailey, David W. Chadwick, and Rogerio de Lemos. Self-Adaptive Federated Authorization Infrastructures. Journal of Computer and System Sciences 80.5 (2014): 935-952 Available here
• Christopher Bailey, David W. Chadwick, Rogério de Lemos, and Kristy W. S. Siu. 2013. Enabling the autonomic management of federated identity providers. In Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Managemen t, and Security: emerging management mechanisms for the future internet - Volume 7943 (AIMS'13), Guillaume Doyen, Martin Waldburger, Pavel Čeleda, Anna Sperotto, and Burkhard Stiller (Eds.), Vol. 7943. Springer-Verlag, Berlin, Heidelberg, 100-111. DOI=10.1007/978-3-642- 38998-6_14 http://dx.doi.org/10.1007/978-3-642-38998-6_14 Available here
• David W Chadwick, Christopher Bailey, Rogerio de Lemos. “Behavioural Control”. Proc. Data Usage Management on the Web (at World Wide Web Conference), Lyon, 16 April, 2012 pp17-22. Ed Lalana Kagal and Alexander Pretschner. Available here
• Christopher Bailey. 2012. Application of self-adaptive techniques to federated authorization models. In Proceedings of the 2012 International Conference on Software Engineering (ICSE 2012). IEEE Press, Piscataway, NJ, USA, 1495-1498. Available here
• Christopher Bailey, David W. Chadwick, and Rogerio de Lemos. 2011. Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models. In Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC '11). IEEE Computer Society, Washington, DC, USA, 37-44. DOI=10.1109/DASC.2011.31 http://dx.doi.org/10.1109/DASC.2011.31 Available here

Links

• Software Engineering for Adaptive and Self-Managing Systems
• PERMIS
• SimpleSAMLphp

Contact