Gargoyle: a network-based insider attack resilient framework for organizations

Arash Shaghaghi, Salil S. Kanhere, Mohamed Ali Kaafar, Elisa Bertino, Sanjay Jha

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

2 Citations (Scopus)

Abstract

Anytime, Anywhere' data access model has become a widespread IT policy in organizations making insider attacks even more complicated to model, predict and deter. Here, we propose Gargoyle, a network-based insider attack resilient framework against the most complex insider threats within a pervasive computing context. Compared to existing solutions, Gargoyle evaluates the trustworthiness of an access request context through a new set of contextual attributes called Network Context Attribute (NCA). NCAs are extracted from the network traffic and include information such as the user's device capabilities, security-level, current and prior interactions with other devices, network connection status, and suspicious online activities. Retrieving such information from the user's device and its integrated sensors are challenging in terms of device performance overheads, sensor costs, availability, reliability and trustworthiness. To address these issues, Gargoyle leverages the capabilities of Software-Defined Network (SDN) for both policy enforcement and implementation. In fact, Gargoyle's SDN App can interact with the network controller to create a 'defence-in-depth' protection system. For instance, Gargoyle can automatically quarantine a suspicious data requestor in the enterprise network for further investigation or filter out an access request before engaging a data provider. Finally, instead of employing simplistic binary rules in access authorizations, Gargoyle incorporates Function-based Access Control (FBAC) and supports the customization of access policies into a set of functions (e.g., disabling copy, allowing print) depending on the perceived trustworthiness of the context. Our extensive evaluation results prove the practicality of Gargoyle with better performance metrics compared to existing solutions.

Original languageEnglish
Title of host publication43rd IEEE Conference on Local Computer Networks, LCN 2018
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages553-561
Number of pages9
Volume2018-October
ISBN (Electronic)9781538644133
ISBN (Print)9781538644140
DOIs
Publication statusPublished - 8 Feb 2019
Event43rd IEEE Conference on Local Computer Networks, LCN 2018 - Chicago, United States
Duration: 1 Oct 20184 Oct 2018

Conference

Conference43rd IEEE Conference on Local Computer Networks, LCN 2018
CountryUnited States
CityChicago
Period1/10/184/10/18

Fingerprint

Dive into the research topics of 'Gargoyle: a network-based insider attack resilient framework for organizations'. Together they form a unique fingerprint.

Cite this