Research Of Security Architecture And Key Technologies For Insider Threat

Posted on: 2010-03-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Wang
Full Text: PDF
GTID: 1118360272996141
Subject: Computer system architecture

Abstract/Summary:
Currently, substantial advances in network security, intrusion detection, firewalls, information encryption, access control mechanisms, and so on have helped organizations repel externally initiated attacks. However, these controls and tools are designed to counter outsider threats to the organization's network, and little progress has been made in dealing with the insider threat, including insider attack and insider misuse. Survey data shows that the most serious security breaches and the most important economic damage are basically caused by insider threats within organizations.

Given the absence of any significant published research on this topic, the importance of this research is still ignored by the broad community of IT scholars. Any contributions made in this area will likely one day be considered seminal work. This paper not only points out the critical issues of the research but also gives some research clues.

By considering all security-related aspects of enterprises, the objective of this dissertation is to provide an integrated, overall security architecture (ITSDA) to address the insider threat, and then to research thoroughly some related key technologies in the security architecture.
The goal of this paper is to mitigate as far as possible the business damage posed by insider misuse or insider attack, to stop the insider threat at the outset, and to reduce internal risk to a minimum.

The research conducted in this dissertation mainly includes: 1) considering the different characteristics and security obligation mechanisms of different industries, research on an information security architecture for the insider threat is submitted; 2) in view of the problem of information asset security in organizations, research on a multi-level security policy model for document security is presented; 3) with regard to the elicitation of security requirements, research on security requirements engineering (SREP) based on the software engineering process is provided; 4) for predicting and preventing the insider threat, research on an attack tree prediction model is proposed.

The main contributions and accomplishments of this dissertation are as follows:

1. A multi-dimensional, multi-disciplinary security architecture (ITSDA) is submitted.

In the network security field, no standardized, comprehensive security architecture for the insider threat currently exists. Many security professionals and managers in organizations have a severe misconception about the insider threat. They simply think that the insider threat will be resolved if good techniques are thoroughly adopted in all aspects or departments. This understanding of the insider threat is clearly partial. It is important to note that, because enterprise organizations develop continuously, the insider threat takes on a dynamic nature. From an overall point of view, organizations should not only pay attention to technical details but also attach importance to people and environmental issues. Only in this way can the organization design a holistic security defense architecture. The security architecture ITSDA is constituted by seven dimensions, and these dimensions represent the roles of different functions.
In particular, the seven dimensions form a feedback loop. Through mutual feedback, they can quickly respond to enterprise development and to the dynamic features of the insider threat. Together they establish a dynamic, comprehensive internal security and defense architecture.

2. A novel multi-level security policy model based on document information flow is presented.

For enterprises, the insider threat is a security issue that must be overcome. Documents, the most valuable information assets, are the main targets of insider abuse. Previous coarse-grained security policies, such as the principle of least privilege and separation of duties, are not sufficient to protect the security of documents. Through research on the Lattice model, the BLP model and the Chinese-Wall model, this paper first defines the concept of document information flow and then adopts the concept of security level from the Lattice model. In addition, the paper makes rules for read and write similar to those of the BLP model. Based on the above research, this dissertation presents a novel multi-level security policy model and an information flow graph model, and proposes related algorithms. The security policy can be used together with other security policies, and relevant static obligation rules can be added. Depending on the context of the operating environment, it places dynamic constraints on the path of information flow. To secure document operations, it shields the related hidden paths of information flow.

3. A security requirements engineering process, SREP, for eliciting security requirements from organizations is provided.

Current security solutions concentrate more on methods of security and defense than on resolving the causes of IS security issues. In accordance with the software engineering process and the CC standards, this paper calls for security requirements to be involved from the beginning stages of research and development.
Based on related research results, this dissertation presents a security requirements engineering process, SREP. The software engineering process is applied to the security requirements process. The SREP consists of the following nine steps: 1) agreeing on definitions; 2) characterizing the system; 3) identifying critical assets and processes; 4) identifying system vulnerabilities; 5) identifying threats; 6) identifying security objectives and dependencies; 7) generating the threat model; 8) risk assessment; 9) eliciting security requirements. To defend against potential insider threats, these nine steps will help enterprises design a suitable and complete security system.

4. A scalable predicting model for the insider threat is proposed, and a probability generation algorithm for predicting attacks is provided.

To deter cracker activities, this paper introduces an improved structure of the augmented attack tree and the notion of a "minimal attack tree", proposes the concepts of "attack cost" and "attack weight", and presents the generation algorithm for the minimal attack tree. Based on the above research, this paper presents a novel insider threat model. A user must submit his intended system usage before he logs in to the system. This forms the user's session scope, which is converted to a "SPRINT" (Signature Powered Revised Instruction Table) plan. By virtue of a user's SPRINT plan and a customized minimal attack tree, we can not only monitor the user's activities online to prevent his malicious operations, but also monitor insider attacks launched by exploiting system vulnerabilities while the user still abides by the SPRINT plan. In particular, this paper introduces an estimator of attack probability, which can help system administrators make sound decisions by a quantitative approach. The approach can give the system administrator an early warning so that he can act against unwelcome unauthorized activities.
The advantage of this approach is that it is a flexible and scalable technique for system security management.

For enterprise organizations, this research topic is related not only to economic value but also to the enterprise's reputation and image. The accomplishments of this paper enrich the research results related to the insider threat. The related research on the insider threat, such as the security defense architecture, the multi-level security policy model, security requirements engineering, and the predicting and detecting model, has high theoretical significance and application value.
Keywords/Search Tags: Insider Threat, Security Architecture, Security Policy, Information Flow, Security Requirements Engineering, Risk Management, Attack Tree
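
As an added illustration of the second contribution (this is not code from the dissertation), the Python example below combines BLP-style read and write rules with a record of document-to-document flows, so that a static rule is enforced along an indirect path as well as a direct one. The level names, users, documents and the forbidden-pair rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed linear lattice; the abstract does not name its levels.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

class FlowMonitor:
    """BLP-style read/write checks plus tracking of document-to-document flows."""
    def __init__(self, doc_level, clearance, forbidden=()):
        self.doc_level = doc_level       # document -> level name
        self.clearance = clearance       # user -> level name
        self.forbidden = set(forbidden)  # (source, target) pairs that must never be linked
        self.seen = defaultdict(set)     # user -> documents read in this session
        self.origins = defaultdict(set)  # document -> documents whose content it may hold

    def read(self, user, doc):
        # No read up: the document level must not exceed the user's clearance.
        if LEVELS[self.doc_level[doc]] > LEVELS[self.clearance[user]]:
            return False, "read up"
        self.seen[user].add(doc)
        return True, "ok"

    def write(self, user, doc):
        # Whatever the user has read, and whatever had flowed into it, may reach doc.
        incoming = set()
        for src in self.seen[user] - {doc}:
            incoming |= {src} | self.origins[src]
        for src in sorted(incoming):
            # No write down: content may only move to an equal or higher level.
            if LEVELS[self.doc_level[src]] > LEVELS[self.doc_level[doc]]:
                return False, f"write down from {src}"
            # Static rule evaluated on the whole path, so indirect flows are caught.
            if (src, doc) in self.forbidden:
                return False, f"forbidden flow from {src}"
        self.origins[doc] |= incoming
        return True, "ok"

def demo():
    """Replay a constructed session; return the decision for each step."""
    lv = {"salary.xlsx": "confidential", "notes.docx": "confidential",
          "vendor_report.docx": "confidential", "newsletter.txt": "public"}
    m = FlowMonitor(lv, {"alice": "confidential", "bob": "confidential", "carol": "internal"},
                    forbidden=[("salary.xlsx", "vendor_report.docx")])
    steps = [("read", "carol", "salary.xlsx"), ("read", "alice", "salary.xlsx"),
             ("write", "alice", "newsletter.txt"), ("write", "alice", "notes.docx"),
             ("read", "bob", "notes.docx"), ("write", "bob", "vendor_report.docx")]
    return [getattr(m, op)(user, doc) for op, user, doc in steps]

if __name__ == "__main__":
    print(demo())
```

In the constructed session, bob never opens salary.xlsx, yet his write to vendor_report.docx is refused because the content reached him through notes.docx.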