An Insider Threat Mitigation Framework Using Attribute Based Access Control
Olusesi Balogun, Daniel Takabi

TL;DR
This paper proposes a novel insider threat mitigation framework that combines attribute-based access control with moving target defense and deception techniques, enhancing security without compromising usability.
Contribution
It introduces correlated attributes into ABAC and extends the model with MTD, creating a dynamic, deception-based access control system for insider threat mitigation.
Findings
Effective identification of correlated attributes
Generation of mutated policies without usability loss
Enhanced difficulty for insiders to gain unauthorized access
Abstract
Insider Threat is a significant and potentially dangerous security issue in corporate settings. It is difficult to mitigate because, unlike external threats, insiders have knowledge of an organization's access policies, access hierarchy, access protocols, and access scheduling. Several approaches to reducing insider threat have been proposed in the literature. However, the integration of access control and moving target defense (MTD) for deceiving insiders has not been adequately discussed. In this paper, we combine MTD, deception, and attribute-based access control to make it more difficult and expensive for an insider to gain unauthorized access. We introduce the concept of correlated attributes into ABAC and extend the ABAC model with MTD by generating mutated policy using the correlated attributes for insider threat mitigation. The evaluation results show that the proposed framework…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Smart Grid Security and Resilience
