D3FEND Top 10 Techniques – #10

Attribute-Based Access Control (ABAC)

And here we are, ready to kick off our new Top 10 rundown! This time, we’re looking at the D3FEND framework (the blue team “counterposition” to the ATT&CK framework). And where better to start than a fundamental practice of cybersecurity – attribute-based access control.

What is ABAC?

Attribute Based Access Control (ABAC) is a procedure within the D3FEND framework’s Model category. ABAC is a sophisticated access control approach that grants or denies access to resources based on attributes associated with entities involved in the access request.

In the context of D3FEND, ABAC is a preventive technique that falls under the Model category, which focuses on establishing proper access controls to defend against unauthorized access and data breaches. ABAC goes beyond traditional access control methods like Role-Based Access Control (RBAC) by considering various attributes related to entities, such as users, objects, and environmental factors.

How does ABAC work?

ABAC operates by evaluating a set of attributes associated with the entities involved in an access request, and based on predetermined policies, determines whether access should be granted or denied. These attributes can include user attributes like role, department, and location, as well as object attributes like sensitivity level, ownership, and classification. Environmental attributes such as time, location, and network conditions may also be considered.

The D3FEND framework highlights ABAC as an effective technique to ensure fine-grained access control, enforce security policies, and mitigate the risk of unauthorized access to critical resources. By using ABAC, organizations can dynamically adjust access controls based on specific attributes, reducing the risk of data leakage, insider threats, and unauthorized privilege escalation.

How can I implement ABAC?

Implementing ABAC involves defining attribute-based policies, managing attribute repositories, and integrating ABAC mechanisms into the organization’s identity and access management infrastructure. This can be done through the use of policy engines, attribute providers, and access control enforcement points.

How does this relate to the ATT&CK framework?

Linking the ATT&CK framework to D3FEND can be challenging in the beginning. That’s why we thought we’d leave some helpful techniques from the ATT&CK framework which can help you contextualize and systematize your approach to

Exploitation for Privilege Escalation

  • Technique: Exploitation of Vulnerability (T1210)
  • Description: Attackers exploit vulnerabilities or misconfigurations in systems or applications to gain higher privileges within a compromised environment. By successfully exploiting such vulnerabilities, they can elevate their privileges beyond the boundaries defined by the ABAC policies.

Credential Harvesting

  • Technique: Phishing (T1566)
  • Description: Attackers use social engineering techniques, such as phishing emails, to trick users into revealing their credentials. By obtaining valid user credentials through phishing attacks, attackers can authenticate themselves as legitimate users and potentially bypass the access controls imposed by ABAC.

Stay up to date with the latest threats

Our newsletter is packed with analysis of trending threats and attacks, practical tutorials, hands-on labs, and actionable content. No spam. No jibber jabber.