|
Cyber Insider Threat, or CINDER, is a DARPA program to develop novel approaches to the detection of activities within military-interest networks that are consistent with the activities of cyber espionage, see.〔http://www.darpa.mil/Our_Work/I2O/Programs/Cyber-Insider_Threat_(CINDER).aspx〕 The CINDER threat is unlike other vulnerability based attacks in that the action taken by the initiator is not based on unauthorized access by unauthorized objects or authorized objects, it is based on the concept that authorized access by authorized objects will normally occur (along with their subsequent actions) within the security boundary. This object action will not be viewed as an attack, but normal use when analyzed by standard IDS-IPS, logging and expert systems. The CINDER Mission will be seen as an unauthorized disclosure once data exfiltration has been realized. At that time, the resultant CINDER Case would change all object actions related to the disclosure from “Authorized Use by an Authorized Object” to “Unauthorized Use by an Authorized Object”.〔(【引用サイトリンク】 title=Mission and Case Analysis of Cyber Insider (CINDER) Methods within Military and Corporate Environments )〕 Note: For the initial CINDER case, the controlling agent”.〔(【引用サイトリンク】 title=Intelligent Agents: Theory and Practice )〕 will still be seen as an Authorized Object based on the fact that the security system has passed an evaluation for Assurance and Functionality. The Cyber Insider Threat has continued to be a known issue since the mid-1980s. The following NIST material dated March 1994 - Internal Threats, shows how it was defined in its infancy. "System controls are not well matched to the average organization's security policy. As a direct result, the typical user is permitted to circumvent that policy on a frequent basis. The administrator is unable to enforce the policy because of the weak access controls, and cannot detect the violation of policy because of weak audit mechanisms. Even if the audit mechanisms are in place, the daunting volume of data produced makes it unlikely that the administrator will detect policy violations. Ongoing research in integrity and intrusion detection promise to fill some of this gap. Until these research projects become available as products, systems will remain vulnerable to internal threats."〔(【引用サイトリンク】 title=Trends for the future - Internal Threats )〕 ==CINDER Behaviors and Methods== 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Cyber Insider Threat」の詳細全文を読む スポンサード リンク
|