Gargoyle: A Network-based Insider Attack Resilient Framework for Organizations

by   Arash Shaghaghi, et al.

`Anytime, Anywhere' data access model has become a widespread IT policy in organizations making insider attacks even more complicated to model, predict and deter. Here, we propose Gargoyle, a network-based insider attack resilient framework against the most complex insider threats within a pervasive computing context. Compared to existing solutions, Gargoyle evaluates the trustworthiness of an access request context through a new set of contextual attributes called Network Context Attribute (NCA). NCAs are extracted from the network traffic and include information such as the user's device capabilities, security-level, current and prior interactions with other devices, network connection status, and suspicious online activities. Retrieving such information from the user's device and its integrated sensors are challenging in terms of device performance overheads, sensor costs, availability, reliability and trustworthiness. To address these issues, Gargoyle leverages the capabilities of Software-Defined Network (SDN) for both policy enforcement and implementation. In fact, Gargoyle's SDN App can interact with the network controller to create a `defence-in-depth' protection system. For instance, Gargoyle can automatically quarantine a suspicious data requestor in the enterprise network for further investigation or filter out an access request before engaging a data provider. Finally, instead of employing simplistic binary rules in access authorizations, Gargoyle incorporates Function-based Access Control (FBAC) and supports the customization of access policies into a set of functions (e.g., disabling copy, allowing print) depending on the perceived trustworthiness of the context.


page 1

page 2

page 3

page 4


B-DAC: A Decentralized Access Control Framework on Northbound Interface for Securing SDN Using Blockchain

Software-Defined Network (SDN) is a new arising terminology of network a...

Programmable In-Network Security for Context-aware BYOD Policies

Bring Your Own Device (BYOD) has become the new norm in enterprise netwo...

A Policy based Security Architecture for Software Defined Networks

As networks expand in size and complexity, they pose greater administrat...

Do we have the time for IRM?: Service denial attacks and SDN-based defences

Distributed sensor networks such as IoT deployments generate large quant...

SDN-based Runtime Security Enforcement Approach for Privacy Preservation of Dynamic Web Service Composition

Aiming at the privacy preservation of dynamic Web service composition, t...

CAPoW: Context-Aware AI-Assisted Proof of Work based DDoS Defense

Critical servers can be secured against distributed denial of service (D...

An Automatic Attribute Based Access Control Policy Extraction from Access Logs

With the rapid advances in computing and information technologies, tradi...

Please sign up or login with your details

Forgot password? Click here to reset