December 2, 2015

Speaker: Abdulaziz Almehmadi, UOIT

Title: On the Potential of Intent-based Access Control (IBAC) in Preventing Insider Threats

Abstract: Existing access control mechanisms are built on identity enrollment and recognition, and implicitly assume that a recognized identity is synonymous with ethical actions. However, statistics over the years show that the most severe security breaches have been the work of trusted, authorized, and identified users who turned into malicious insiders. Insider threats are caused by trusted employees who abuse their privileges and daily tasks to commit malicious acts. Insider threat-related damages range from intellectual property loss and fraud to IT sabotage, exposing organizations to public embarrassment, loss of trust, losses of millions of dollars, and consequently loss of business. Because insider incidents often cause catastrophic damage, there is demand for mechanisms that detect and then prevent them. A non-identity-based measure that bases the access decision on the intent behind the access request could meet that demand by denying authorized individuals access to restricted resources when their intent is malicious.

In this thesis, we address the insider threat at the access control layer. First, we test whether the intention behind an access request can be detected from involuntary electroencephalogram (EEG) reactions to visual stimuli. This method relies on the robustness of the Concealed Information Test (CIT), which detects an intention through the presence of knowledge about it. Next, we test whether the motivation behind the access request can be detected from the EEG signal, since the motivation level indicates how likely the intent is to be acted upon. We then propose and design Intent-based Access Control (IBAC), a non-identity-based access control method that assesses the risk associated with the detected intentions and motivation levels of access, and study its potential in denying access to authorized individuals who plan to commit malicious acts, as well as the feasibility of using the user's intention as an access control measure in general. In IBAC, the detected intent and its motivation level are used to compute the access risk, reported as the potential loss of value in the requested assets. Based on that access risk and the acceptable threshold established by the asset owners, the system grants or denies the access request.
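The decision rule described above (access risk from detected intent and motivation, compared against an owner-set threshold, reported as potential loss of value) can be sketched as a small policy decision point. The following is an added illustration, not code from the thesis or the speaker: the abstract does not state the risk formula, so the expected-loss combination (probability of malicious intent times motivation level times asset value), the field names, the fail-closed handling of a missing detector reading, and the sample asset and readings are all assumptions made here.

```python
"""
Added illustration (not the thesis's own code) of an IBAC-style policy
decision point: compute access risk from the detected intent and its
motivation level, report it as the potential loss of value in the asset,
and grant or deny against a threshold set by the asset owner.
The exact risk formula is not given in the abstract; the expected-loss
combination below is an assumption.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"


@dataclass(frozen=True)
class Asset:
    """An access-controlled resource with owner-set value and risk tolerance."""
    name: str
    value: float            # assumed: owner's valuation of the asset (e.g. dollars)
    accepted_risk: float    # assumed: maximum expected loss the owner will tolerate


@dataclass(frozen=True)
class IntentReading:
    """Output of hypothetical EEG intent and motivation detectors."""
    p_malicious: float      # probability the detected intent is malicious, in [0, 1]
    motivation: float       # motivation level for executing that intent, in [0, 1]

    def __post_init__(self) -> None:
        # Reject out-of-range detector output instead of silently scaling it.
        for name, v in (("p_malicious", self.p_malicious), ("motivation", self.motivation)):
            if not 0.0 <= v <= 1.0:
                raise ValueError(f"{name} must be in [0, 1], got {v!r}")


def access_risk(reading: IntentReading, asset: Asset) -> float:
    """Potential loss of value in the asset for this access request.

    Assumed formula: P(malicious intent) * motivation level * asset value.
    Motivation scales the risk because the thesis treats it as the
    likelihood that a detected intent is actually carried out.
    """
    return reading.p_malicious * reading.motivation * asset.value


def decide(reading: Optional[IntentReading], asset: Asset) -> tuple[Decision, float]:
    """Grant or deny against the owner's threshold; returns (decision, risk).

    A missing reading (detector failure, no usable EEG signal) is handled
    fail-closed by assumption: deny rather than fall back to an
    identity-only decision, since identity is what IBAC is meant to
    supplement.
    """
    if reading is None:
        return Decision.DENY, float("inf")
    risk = access_risk(reading, asset)
    decision = Decision.GRANT if risk <= asset.accepted_risk else Decision.DENY
    return decision, risk


# Constructed sample asset and readings (not experimental data from the thesis).
CUSTOMER_DB = Asset(name="customer-db", value=1_000_000.0, accepted_risk=50_000.0)

MOTIVATED_MALICIOUS = IntentReading(p_malicious=0.90, motivation=0.80)  # risk 720,000
HESITANT_MALICIOUS = IntentReading(p_malicious=0.90, motivation=0.05)   # risk  45,000
BENIGN = IntentReading(p_malicious=0.05, motivation=0.90)               # risk  45,000

if __name__ == "__main__":
    for label, r in (("motivated malicious", MOTIVATED_MALICIOUS),
                     ("hesitant malicious", HESITANT_MALICIOUS),
                     ("benign", BENIGN),
                     ("no detector signal", None)):
        d, risk = decide(r, CUSTOMER_DB)
        print(f"{label:>20}: risk={risk:>12,.0f}  -> {d.value}")
```

Run stand-alone, the same 90 per cent malicious-intent reading is denied when motivation is high and granted when it is low, which is the motivated-versus-unmotivated distinction the experiments report; where the threshold sits, and whether a hesitant malicious reading should still be granted, is the asset owner's policy choice, not the detector's.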

We assessed the intent detection component of the IBAC model in experiments on 30 participants, using five classifiers for intentions: Nearest Neighbor, Support Vector Machine (SVM), Random Forest, Neural Networks and Naïve Bayes. Nearest Neighbor, SVM and Random Forest each reached 100 per cent accuracy on this participant set. We then assessed the motivation detection component in experiments on 30 participants, which showed distinguishable motivation levels between hesitation-based and motivation-based intentions. Finally, computing the access risk from the detected intentions and motivation levels in these experiments yields access risk values that differ between the unmotivated and motivated groups; such information is not available from identity-based access control systems. These results demonstrate the potential of IBAC to detect and prevent malicious insiders by computing the access risk associated with the detected intent of access and its corresponding motivation level.