We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Insider Threat Mitigation in Cloud Computing

by Kunal Kumar Mandal, Debayan Chatterjee
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 120 - Number 20
Year of Publication: 2015
Authors: Kunal Kumar Mandal, Debayan Chatterjee
10.5120/21341-4352

Kunal Kumar Mandal, Debayan Chatterjee . Insider Threat Mitigation in Cloud Computing. International Journal of Computer Applications. 120, 20 ( June 2015), 7-11. DOI=10.5120/21341-4352

@article{ 10.5120/21341-4352,
author = { Kunal Kumar Mandal, Debayan Chatterjee },
title = { Insider Threat Mitigation in Cloud Computing },
journal = { International Journal of Computer Applications },
issue_date = { June 2015 },
volume = { 120 },
number = { 20 },
month = { June },
year = { 2015 },
issn = { 0975-8887 },
pages = { 7-11 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume120/number20/21341-4352/ },
doi = { 10.5120/21341-4352 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:06:42.413764+05:30
%A Kunal Kumar Mandal
%A Debayan Chatterjee
%T Insider Threat Mitigation in Cloud Computing
%J International Journal of Computer Applications
%@ 0975-8887
%V 120
%N 20
%P 7-11
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Insider threat is one of the most critical security threats for any Industry, even it is the most eldest strategy to fall an empire down, very common in diplomacy according to the human history. In the cloud computing ecosystem there are several problems that is harder than the normal (not could) scenarios. If the insider threats are the most dangerous threat even in the non-cloud platform then it must has multi-dimensional attack vectors in cloud computing. Many researches have been done and are being carried out in the field of cyber security for malicious insider attacks. In the provider end of the service, the insider who can harm the system most is the System administrator because he has the highest access control and other privileges. Sometimes when the user demands some resources and the provider is running out of that kind of resource then, they outsource the resource from the third party or cloud broker. The resources are like server, storage and device or public/private cloud. In this paper we propose a technical solution and some policies for the cloud provider to mitigate the insider attack due to the rogue administrator. We also discuss about the possibility of insider attack in outsourcing issue of cloud computing and provide some policies as solution for that problem.

References
  1. Inside Threat, Source: http://cert. org/insider-threat/research/database. cfm, Last Access : September, 2014.
  2. Adrian Duncan, S. Creese, and M. Goldsmith. Insider attacks in cloud computing. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, pages 857–862, 2012.
  3. Adrian Duncan, Sadie Creese, Michael Goldsmith , and Jamie S. Quinton . "Cloud Computing: Insider Attacks on Virtual Machines During Migration," Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, pages 493 - 500, 2013.
  4. William R Claycomb and Alex Nicoll. Insider threats to cloud computing: Directions for new research challenges. In Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual, pages 387–394. IEEE, 2012.
  5. Cloud Security Alliance, Source: https://cloudsecurityalliance. org/topthreats/csathreats. v1. 0. pdf, Last Access : september,2014.
  6. Kandias M. , Mylonas A. , Virvilis N. , Theoharidou M. , and Gritzalis D. , "An Insider Threat Prediction Model", In: Proc. of the 7th International Conference on Trust, Privacy, and Security in Digital Business, LNCS-6264, Springer, Spain, 2010, pages 26-37,2010.
  7. Ravi S. Sandhu: Separation of Duties in Computerized Information Systems. DBSec 1990, pages 179-190, 1990.
  8. Common Sense Guide to Mitigating Insider Threats, Source:http://resources. sei. cmu. edu/library/asset-view. cfm?assetID=34017, Last Access : september,2014.
  9. Spitzner L. , "Honeypots: Catching the insider threat", in Proc. of the 19th Annual Computer Security Applications Conference, USA, 2003, pages 170-179,2003.
  10. Shamir's Secret Sharing, Source: http://en. wikipedia. org/wiki/Shamir%27s_Secret_Sharing, Last Access : september, 2014.
  11. Cloud Computing Synopsis and Recommendations. csrc. nist. gov/publications/drafts/800-146/Draft-NIST-SP800-146. pdf
  12. Moving from Outsourcing to the Public Cloud, Source : http://blog. isg-one. com/2014/04/29/moving-from-outsourcing-to-the-public-cloud-prepare-for-more-insourcing/, Last Access: september,2014.
  13. IT Outsourcing Risks and How to Mitigate Them, Source: http://deloitte. wsj. com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them , Last Access: september,2014.
  14. Li Chaoling , Chen Yue , and Zhou Yanzhou, "A data assured deletion scheme in cloud storage", China Communications• April 2014, pages 98-110, 2014.
Index Terms

Computer Science
Information Sciences

Keywords

Malicious insider Insider Threat Cloud computing security Cloud outsourcing.

Powered by PhDFocusTM