Skip to main content
Ontario Tech acknowledges the lands and people of the Mississaugas of Scugog Island First Nation.

We are thankful to be welcome on these lands in friendship. The lands we are situated on are covered by the Williams Treaties and are the traditional territory of the Mississaugas, a branch of the greater Anishinaabeg Nation, including Algonquin, Ojibway, Odawa and Pottawatomi. These lands remain home to many Indigenous nations and peoples.

We acknowledge this land out of respect for the Indigenous nations who have cared for Turtle Island, also called North America, from before the arrival of settler peoples until this day. Most importantly, we acknowledge that the history of these lands has been tainted by poor treatment and a lack of friendship with the First Nations who call them home.

This history is something we are all affected by because we are all treaty people in Canada. We all have a shared history to reflect on, and each of us is affected by this history in different ways. Our past defines our present, but if we move forward as friends and allies, then it does not have to define our future.

Learn more about Indigenous Education and Cultural Services

December 2, 2015

Speaker: Abdulaziz Almehmadi, UOIT

Title: On the Potential of Intent-based Access Control (IBAC) in Preventing Insider Threats

Abstract: Existing access control mechanisms are based on the concepts of identity enrollment and recognition, and assume that recognized identity is synonymous with ethical actions. However, statistics over the years show that the most severe security breaches have been the results of trusted, authorized, and identified users who turned into malicious insiders. Insider threats are caused by trusted employees who abuse their privileges and daily tasks to commit maleficent actions. Insider threat-related damages vary from intellectual property loss and fraud to IT sabotage, leaving organizations susceptible to public embarrassment, loss of trust and millions of dollars, and consequently loss of businesses. As insider threat incidents often cause catastrophic damages, demand exists for detection mechanisms to detect and then prevent them. A non-identity-based authentication measure that is based on the intent of the access request might serve that demand of preventing insider threats by rejecting access to restricted resources for authorized individuals who have malicious intentions of access.

In this thesis, we address the insider threat at the access control layer. First, we test the possibility of detecting intention of access using involuntary electroencephalogram (EEG) reactions to visual stimuli. This method takes advantage of the robustness of the Concealed Information Test (CIT) to detect intentions based on the existence of knowledge about an intention. Next, we test the possibility of detecting motivation of access using the EEG signal, as motivation level corresponds directly to the likelihood of intent execution level. Subsequently, we propose and design Intent-based Access Control (IBAC), a non-identity-based access control method that assesses the risk associated with the detected intentions and motivation levels of access. We then study the potential of IBAC in denying access to authorized individuals who have malicious plans to commit maleficent acts, as well as study the possibility of employing the user’s intention as an access control measure. In IBAC, we use the intent and the intent motivation level to compute the access risk, and then report a potential loss of value in the requested assets. Based on the access risk and the accepted threshold established by the asset owners, the system decides whether to grant or deny access requests.

We assessed the intent detection component of the IBAC model using experiments on 30 participants by employing five classifiers for intentions: Nearest Neighbor, Support Victor Machine (SVM), Random Forest, Neural Networks and Naïve Bayes. Accuracy of 100 per cent was achieved using Nearest Neighbor, SVM and Random Forest classifiers. Further, we assessed the motivation detection component of the IBAC model using experiments on 30 participants that show different levels of motivation between hesitation-based vs. motivation-based intentions. Finally, the potential of IBAC assessment in detecting and preventing insider threats by calculating the risk of access using intentions and motivation levels as per the experiments shows access risk that is different between unmotivated and motivated groups. Such information is not available using identity-based access control systems. These results demonstrate the potential of IBAC in detecting and preventing malicious insiders when calculating access risk associated with the detected intent of access and the corresponding motivation levels.