Cloud computing is one of the most trending technologies of today. Most of the resources we use on an everyday basis are stored online as cloud storage. Our files, which have sensitive information, are accessible on valid authentication. When we consider the large scale organizations who host several servers to store their data, we also need to consider the possibility of insider attacks. Data security and integrity is of utmost importance in any organization. Insider attacks mainly focus on exploiting this data. Our model which implements risk based access control takes into consideration several parameters that assess the individual's risk. Access is provided to the user only if his/her risk value is lesser than the threshold risk. Therefore, any possibility of insider threat such as buffer overflow and session hijacking attack is tackled before it occurs. Our model allows a maximum risk of 70% which means that even at the worst case scenario, 30% of the data is still secure. There is a huge potential for future enhancement.
[1]
Jorge Lobo,et al.
Risk-based security decisions under uncertainty
,
2012,
CODASPY '12.
[2]
Donghai Guan,et al.
A Dynamic Trust Model Based on Naive Bayes Classifier for Ubiquitous Environments
,
2006,
HPCC.
[3]
Ed Dawson,et al.
An Approach to Access Control under Uncertainty
,
2011,
2011 Sixth International Conference on Availability, Reliability and Security.
[4]
Karsten P. Ulland,et al.
Vii. References
,
2022
.
[5]
James B. D. Joshi,et al.
A trust-and-risk aware RBAC framework: tackling insider threat
,
2012,
SACMAT '12.
[6]
Ravi S. Sandhu,et al.
Role-Based Access Control Models
,
1996,
Computer.
[7]
Ravi S. Sandhu,et al.
Risk-Aware RBAC Sessions
,
2012,
ICISS.