Gargoyle: a network-based insider attack resilient framework for organizations
Version 2 2024-06-12, 18:40
Version 1 2019-04-30, 14:15
conference contribution
posted on 2018-01-01, 00:00 authored by Arash Shaghaghi, S S Kanhere, M A Kaafar, E Bertino, S Jha

© 2018 IEEE. The 'Anytime, Anywhere' data access model has become a widespread IT policy in organizations, making insider attacks even more complicated to model, predict and deter. Here, we propose Gargoyle, a network-based insider attack resilient framework against the most complex insider threats within a pervasive computing context. Compared to existing solutions, Gargoyle evaluates the trustworthiness of an access request context through a new set of contextual attributes called Network Context Attributes (NCAs). NCAs are extracted from the network traffic and include information such as the user's device capabilities, security level, current and prior interactions with other devices, network connection status, and suspicious online activities. Retrieving such information from the user's device and its integrated sensors is challenging in terms of device performance overheads, sensor costs, availability, reliability and trustworthiness. To address these issues, Gargoyle leverages the capabilities of Software-Defined Networking (SDN) for both policy enforcement and implementation. In fact, Gargoyle's SDN App can interact with the network controller to create a 'defence-in-depth' protection system. For instance, Gargoyle can automatically quarantine a suspicious data requestor in the enterprise network for further investigation or filter out an access request before engaging a data provider. Finally, instead of employing simplistic binary rules in access authorizations, Gargoyle incorporates Function-based Access Control (FBAC) and supports the customization of access policies into a set of functions (e.g., disabling copy, allowing print) depending on the perceived trustworthiness of the context. Our extensive evaluation results prove the practicality of Gargoyle with better performance metrics compared to existing solutions.
Event: Local Computer Networks. Conference (43rd : 2018 : Chicago, Ill.)
Pagination: 553 - 561
Publisher: IEEE
Location: Chicago, Ill.
Place of publication: Piscataway, N.J.
Start date: 2018-10-01
End date: 2018-10-04
ISBN-13: 9781538644133
Language: eng
Publication classification: E1.1 Full written paper - refereed
Copyright notice: 2018, IEEE
Title of proceedings: LCN 2018 : Proceedings of the 43rd IEEE Conference on Local Computer Networks