Security measures such as firewalls, cryptography, intrusion detection, network management, and passwords have been used in an attempt to make computer systems more resistant to unauthorized access. But even with these measures, computer systems remain vulnerable and can be exploited by hackers as well as by insiders who have legitimate access to at least portions of the computer systems. For example, insiders (who may include authorized users) are currently able to do largely as they please, and outsiders (such as hackers) can slip through the vulnerabilities in the security measures currently in use to gain authorization. The list of vulnerabilities of computer systems is large and growing.
The threat from insiders is particularly troublesome. It has been estimated that perhaps 75% of computer security breaches come from authorized users. The average cost of an authorized user attack, according to the FBI, is $2.7 million. In a law enforcement panel discussion at a well-known Las Vegas hacker convention in August 2001, a panel member informed the audience that the truly dangerous threat comes from insiders.
That vulnerabilities exist and that new ones are continuously being discovered are evidenced by the growth of vulnerability databases such as CVE by the MITRE Corporation and Bugtraq by SecurityFocus. Two industry trends have amplified the vulnerability problem.
The first trend is the increased reliance by users on commercial-off-the-shelf (COTS) software packages. These products typically place security as a distinctly secondary goal behind the goals of power and convenience.
The second trend relates to the software monoculture that is typified by attempts at software standardization. While it is easier to manage training and installation when all of the nodes of a system are identically configured, this node standardization amplifies the risk of unauthorized access. If one node in the system is susceptible to some vulnerability, nearly all of the nodes in the system are likewise susceptible. The success of viruses and worms such as Melissa, NIMDA, CodeRed, etc. in bringing corporate networks to a standstill is a recurring demonstration of this weakness.
Critical systems warrant a further layer of security. Security systems currently exist that, in a rudimentary way, predict likely outcomes of user commands. These security systems use physical (or other) models to reason out the effect of certain commands on a protected asset. For example, mathematical models are currently used in “power system security” analysis. That is, the operator of an electric power grid may use a mathematical model of load, power generation, voltage, and current everywhere over the power grid to make sure that planned changes will leave the grid in a stable safe state, even if one or more faults occur. Thus, before a proposed power transfer from point A to point B is implemented, the model simulates various possible line outages that could occur in order to make sure that, in spite of such outages (or other planned transfers), the power grid will remain in a stable state (no overloads, blackouts, etc.). A basic reference on this topic is a text entitled “Power Generation, Operation and Control”, by Allen Wood and Bruce Wollenberg.
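The contingency check described above, as an added example that is not part of the original text: a DC power-flow approximation on a constructed three-bus grid tests a proposed transfer against every single-line outage before the transfer is accepted. The bus names, reactances, limits and function names are assumptions made for illustration.

```python
# Added illustration (not from the original text): DC power-flow N-1 screening.
# Bus names, reactances and limits below are constructed sample values.
BUSES = ["A", "B", "C"]  # first bus is the angle reference
LINES = {  # (from, to): (reactance in p.u., thermal limit in MW)
    ("A", "B"): (0.1, 100.0),
    ("A", "C"): (0.1, 100.0),
    ("C", "B"): (0.1, 100.0),
}

def solve(m, rhs):
    """Gauss-Jordan with partial pivoting; None if singular (islanded grid)."""
    n = len(rhs)
    a = [row[:] + [rhs[i]] for i, row in enumerate(m)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(a[r][c]))
        if abs(a[p][c]) < 1e-9:
            return None
        a[c], a[p] = a[p], a[c]
        for r in range(n):
            if r != c:
                f = a[r][c] / a[c][c]
                a[r] = [x - f * y for x, y in zip(a[r], a[c])]
    return [a[i][n] / a[i][i] for i in range(n)]

def line_flows(lines, inject):
    """Solve B*theta = P, then flow = (theta_from - theta_to) / x per line."""
    idx = {b: i for i, b in enumerate(BUSES[1:])}
    B = [[0.0] * len(idx) for _ in idx]
    for (u, v), (x, _) in lines.items():
        for s, t in ((u, v), (v, u)):
            if s in idx:
                B[idx[s]][idx[s]] += 1 / x
                if t in idx:
                    B[idx[s]][idx[t]] -= 1 / x
    theta = solve(B, [inject.get(b, 0.0) for b in BUSES[1:]])
    if theta is None:
        return None
    ang = {BUSES[0]: 0.0, **{b: theta[i] for b, i in idx.items()}}
    return {l: (ang[l[0]] - ang[l[1]]) / x for l, (x, _) in lines.items()}

def screen_transfer(src, dst, mw):
    """Outages (None = intact grid) under which the transfer overloads or islands."""
    inject, bad = {src: mw, dst: -mw}, []
    for out in [None, *LINES]:
        lines = {l: v for l, v in LINES.items() if l != out}
        flows = line_flows(lines, inject)
        if flows is None or any(abs(f) > lines[l][1] for l, f in flows.items()):
            bad.append(out)
    return bad
```

On this sample grid a 120 MW transfer from A to B is within limits while all lines are in service, yet any single line outage overloads a remaining line, so the check rejects it; a 90 MW transfer passes every case.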
For the most part, current computer systems promptly obey any commands issued by the last authenticated operator so long as the commands fall within the privileges granted. Even when systems attempt to predict outcomes of user actions, they are not fully integrated so as to anticipate future commands of a user and to consider a range of responses dependent on the level of the threat of the future commands.
Accordingly, the present invention is directed to a skeptical system that can be used in association with assets (such as computers) to increase the level of protection afforded against unauthorized entry and/or use. The skeptical system of the present invention entertains doubts about the entry and/or use of the protected assets. It questions the authenticity, integrity, and intent of the requester and acts with due consideration of its doubts.