Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds

As today’s cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators, including those from third-party providers, to fulfill regular maintenance tasks. In such a scenario, the privileges granted to remote administrators to complete their assigned tasks may allow an attacker with an administrator’s stolen credentials, or a dishonest remote administrator, to pose severe insider threats to both the cloud tenants and the provider. In this paper, we take the first step towards understanding and mitigating such a threat. Specifically, we model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact by optimizing the task assignments with respect to given constraints. The simulation results demonstrate the effectiveness of our solution in various situations.
