Enterprise Level Security: Insider Threat Counter-Claims

October, 2017
IDA document: D-8483
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
William R. Simpson, Kevin E. Foltz See more authors
Enterprise Level security (ELS) has no accounts or passwords, and consequently identity is an important issue. All person and non-person entities in ELS are registered and known. PKI credentials are issued, and when necessary, multi-factor authentication is used to improve the assurance of the identity. Because the next step in ELS is claims-based access and privilege, many data owners are worried about the trustworthiness (sometimes called reputation) of the identified requesters (this applies to person and non-person entities within the enterprise). Individuals are vetted periodically, and a baseline is established by those instances; however, activities that occur between those vetting events may provide clues about the trustworthiness of the individuals. Similarly, pedigrees in software and hardware entities are established periodically. Because the terms trust and integrity are overloaded, we refer to these data as veracity. Further, when requested, the veracity that applies to certain categories will be provided as counter-claims along with the claims. These counter-claims may be used by the applications and services for increased levels of surveillance and logging and perhaps even limitation of privilege. This paper reviews the data categories, data requirements, and data resources that apply to entity veracity, as well as the counter-claim structures and issues associated with their tracking, and usage. The paper then presents finding and recommendations, along with the future work necessary to complete this evolution.