Combining Trust and Behavioral Analysis to Detect Security Threats in Open Environments
SONALYSTS INC WATERFORD CT
Open computing environments are under a deluge of network attacks from complex threats. These threats are distributed, decentralized, dynamic, and operate over multiple timescales. Trusted Computing environments provide a means to manage cryptographic identity and authentication operations in the form of static assertions, but were not developed to provide complete end-to-end security for heterogeneous environments such as the NATO Architecture Framework (NAF). There is a gap in the contextual understanding of trust that reaches beyond identity to the behavior of that identity. The challenge in deriving trust, and ultimately risk, from network behavior is that it is inherently subjective compared to identity. Trust is defined as the assured reliance on the character, ability, strength, or truth of someone or something. When we trust a person there is the notion of identity. Structural identity alone cannot be used to define a measure of an entity's trust; behavior must be taken into account. Trust then becomes a layered concept. In assessing the trustworthiness of an entity, a cyber defense strategy should take into account various signals regarding identity and behavior that promote attestation of a digital self and non-self. We describe a model and approach through which a detection capability can derive trust, and rate the trustworthiness of hosts, based on aggregated network behaviors. This approach is rooted in the context of a global/enterprise identity management and cryptographic key management (IdM/CKM) system, which serves as a bridge between the sensor network and the user/administrator/ISP. It offers a mechanism for aggregated behavioral analysis of network flow data. Our unique view into network behaviors can be used to provide a basis for a language to define the various behaviors that threats exhibit over time. We conclude that a more formal model of trust is needed that couples identity with behavior along with the identity of the user of a computer.
- Computer Programming and Software
- Computer Systems
- Computer Systems Management and Standards