An adaptive risk management and access control framework to mitigate insider threats

Insider Attacks are one of the most dangerous threats organizations face today. An insider attack occurs when a person authorized to perform certain actions in an organization decides to abuse the trust, and harm the organization. These attacks may negatively impact the reputation of the organization, its productivity, and may produce losses in revenue and clients. Avoiding insider attacks is a daunting task. While it is necessary to provide privileges to employees so they can perform their jobs efficiently, providing too many privileges may backfire when users accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. In this paper, we propose a framework that extends the role-based access control (RBAC) model by incorporating a risk assessment process, and the trust the system has on its users. Our framework adapts to suspicious changes in users' behavior by removing privileges when users' trust falls below a certain threshold. This threshold is computed based on a risk assessment process that includes the risk due to inference of unauthorized information. We use a Coloured-Petri net to detect inferences. We also redefine the existing role activation problem, and propose an algorithm that reduces the risk exposure. We propose a methodology to help administrators managing inference threats. We present experimental evaluation to validate our work.