Insider Threats to Cloud Computing: Directions for New Research Challenges

Cloud computing related insider threats are often listed as a serious concern by security researchers, but to date this threat has not been thoroughly explored. We believe the fundamental nature of current insider threats will remain relatively unchanged in a cloud environment, but the paradigm does reveal new exploit possibilities. The common notion of a cloud insider as a rogue administrator of a service provider is discussed, but we also present two additional cloud-related insider risks: the insider who exploits a cloud-related vulnerability to steal information from a cloud system, and the insider who uses cloud systems to carry out an attack on an employer's local resources. We also characterize a hierarchy of administrators within cloud service providers, give examples of attacks from real insider threat cases, and show how the nature of cloud systems architectures enables attacks to succeed. Finally, we discuss our position on future cloud research.
