Handling Insider Threats using Self-Adaptive Authorization
Insider threat is an ever-growing concern for governments and private organizations,
as is evident in recent high-profile cases covered in the media.
Our research aims to provide an automatic means of handling insider threats by identifying
anomalies in trusted user behaviour and responding to them by adapting a user's
ability to access resources, for example by restricting a malicious user's access to critical resources.
Our particular focus is the design of the Self-Adaptive Authorization Framework (SAAF).
SAAF lays down the foundations for adaptive authorization, whereby
authorization infrastructures are capable of responding to anomalies synonymous with
insider threat, with the intent of preventing the continuation of an identified threat.
A prototype implementation of SAAF has been deployed as part of a federated
authorization infrastructure, composed of an ABAC/XACML authorization service (PERMIS),
SimpleSAML identity providers, and our SAAF autonomic controller.
The SAAF autonomic controller implements a MAPE-K (Monitor, Analyse, Plan, Execute, over shared Knowledge)
feedback loop, which monitors the execution of a target authorization infrastructure,
analyses it for non-conventional operational states (those that contain anomalous user behaviour)
and adapts authorization constraints to halt such anomalous behaviour.
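The feedback loop described above, sketched as an added example (not SAAF or PERMIS code): a reactive controller that watches access decisions, flags a subject whose rate of access to a critical resource exceeds a baseline, and restricts that subject. The resource names, thresholds, request log and the restrict_critical action are constructed assumptions.

```python
from collections import defaultdict, deque

CRITICAL = {"payroll-db"}  # constructed resource name
# Constructed request log: (timestamp_s, subject, resource)
EVENTS = ([(t, "alice", "payroll-db") for t in range(1, 9)]
          + [(9, "bob", "payroll-db"), (10, "alice", "wiki"), (70, "bob", "payroll-db")])

class Knowledge:
    """The K in MAPE-K: thresholds, observations and the adapted constraints."""
    def __init__(self, window=60, max_requests=5):  # assumed thresholds
        self.window, self.max_requests = window, max_requests
        self.history = defaultdict(deque)  # subject -> times of permitted critical accesses
        self.restricted = set()            # subjects cut off from critical resources
        self.adaptations = []              # audit trail of executed plans

def authorize(k, subject, resource):
    """Stand-in for the policy decision point, honouring adapted constraints."""
    return not (subject in k.restricted and resource in CRITICAL)

def monitor(k, ts, subject, resource, permitted):
    """Record permitted critical accesses in a sliding time window."""
    if permitted and resource in CRITICAL:
        q = k.history[subject]
        q.append(ts)
        while ts - q[0] > k.window:
            q.popleft()

def analyse(k, subject):
    """Anomaly: more critical accesses in the window than the baseline allows."""
    return len(k.history[subject]) > k.max_requests

def plan(k, subject):
    """Choose the adaptation; None if it is already in place."""
    return None if subject in k.restricted else ("restrict_critical", subject)

def execute(k, ts, action):
    """Apply the adaptation to the constraints the decision point consults."""
    if action:
        k.restricted.add(action[1])
        k.adaptations.append((ts, *action))

def run(events, k=None):
    k = k or Knowledge()
    decisions = []
    for ts, subject, resource in events:
        permitted = authorize(k, subject, resource)
        decisions.append((ts, subject, resource, permitted))
        monitor(k, ts, subject, resource, permitted)
        if analyse(k, subject):
            execute(k, ts, plan(k, subject))
    return decisions, k
```

Because the loop is reactive, the access that crosses the threshold is still permitted; the restriction takes effect from the next request, and non-critical resources stay available to the restricted subject.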
Try our demo! An ethical game of hacking through Snakes and Ladders
This research is a collaboration based at the University of Kent, Canterbury, UK.
- Dr. Christopher Bailey
- Dr. Rogério de Lemos

Christopher Bailey, Lionel Montrieux, Rogerio de Lemos, Yijun Yu, and Michel Wermelinger. Run-Time Generation, Transformation, and Verification of Access Control Models for Self-Protection. In 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems.

Christopher Bailey, David W. Chadwick, and Rogerio de Lemos. Self-Adaptive Federated Authorization Infrastructures. Journal of Computer and System Sciences 80.5 (2014): 935-952.

Christopher Bailey, David W. Chadwick, Rogério de Lemos, and Kristy W. S. Siu. 2013. Enabling the autonomic management of federated identity providers. In Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943 (AIMS'13), Guillaume Doyen, Martin Waldburger, Pavel Čeleda, Anna Sperotto, and Burkhard Stiller (Eds.), Vol. 7943. Springer-Verlag, Berlin, Heidelberg, 100-111. DOI=10.1007/978-3-642-38998-6_14 http://dx.doi.org/10.1007/978-3-642-38998-6_14

David W Chadwick, Christopher Bailey, Rogerio de Lemos. “Behavioural Control”. Proc. Data Usage Management on the Web (at World Wide Web Conference), Lyon, 16 April, 2012, pp. 17-22. Eds. Lalana Kagal and Alexander Pretschner.

Christopher Bailey. 2012. Application of self-adaptive techniques to federated authorization models. In Proceedings of the 2012 International Conference on Software Engineering (ICSE 2012). IEEE Press, Piscataway, NJ, USA, 1495-1498.

Christopher Bailey, David W. Chadwick, and Rogerio de Lemos. 2011. Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models. In Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC '11). IEEE Computer Society, Washington, DC, USA, 37-44. DOI=10.1109/DASC.2011.31 http://dx.doi.org/10.1109/DASC.2011.31