Insider threats to cloud computing: Directions for new research challenges

Proceedings - International Computer Software and Applications Conference

Volumn , Issue , 2012, Pages 387-394

  Claycomb, William R ^a   Nicoll, Alex ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Cloud; Insider; Security

Indexed keywords

CLOUD SERVICES; CLOUD SYSTEMS; INSIDER; INSIDER THREAT; RESEARCH CHALLENGES; SECURITY; SERVICE PROVIDER;

CLOUD COMPUTING; CLOUDS;

RESEARCH;

EID: 84870826258     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2012.113     Document Type: Conference Paper

References (25)

1. D. Cappelli, A. Moore, and R. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), ser. SEI Series in Software Engineering. Addison-Wesley Professional, 2012.
2. C. S. Alliance, "Top threats to cloud computing, version 1.0, " Cloud Security Alliance, Tech. Rep., March 2010. [Online]. Available: http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
3. C. S. Alliance, "Star-205 cloud security alliance - top threats to cloud computing v2.0.pdf, " in RSA Conference Europe, 2010. [Online]. Available: http://365.rsaconference.com/docs/DOC-2819.
4. L. Lamport, R. Shostak, and M. Pease, "The byzantine generals problem, " ACM Trans. Program. Lang. Syst., vol. 4, no. 3, pp. 382-401, Jul. 1982. [Online]. Available: http://doi.acm.org/10.1145/357172.357176.
5. A. P. Moore, D. M. Capelli, T. C. Caron, E. Shaw, D. Spooner, and R. F. Trzeciak, "A preliminary model of insider theft of intellectual property, " Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, vol. 2, no. 1, 2011.
6. M. Maurer, I. Brandic, and R. Sakellariou, "Self-adaptive and resource-efficient SLA enactment for cloud computing infrastructures, " in 5th International Conference on Cloud Computing (IEEE Cloud), 2012.
7. V. C. Emeakaroha, T. C. Ferreto, M. A. S. Netto, I. Brandic, and C. A. F. De Rose, "Casvid: Application level monitoring for SLA violation detection in clouds." in IEEE Computer Software and Applications Conference (COMPSAC 2012), 2012.
8. S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, "Over-encryption: management of access control evolution on outsourced data, " in Proceedings of the 33rd international conference on Very large data bases, 2007.
9. W. Itani, A. Kayssi, and A. Chehab, "Privacy as a service: Privacy-aware data storage and processing in cloud computing architectures, " in Dependable, Autonomic and Secure Computing, 2009. DASC '09. Eighth IEEE International Conference on, Dec. 2009.
10. R. Sandhu, "Separation of duties in computerized information systems, " in In Database Security IV: Status and Prospects. North-Holland, 1990, pp. 179-189.
11. U.S. Department of the Interior, "Press Release: Interior Selects Google Apps for Government for Cloud Email and Collaboration Services, " http://www.doi.gov/news/pressreleases/Interior-Selects-Google-Apps-for- Government-for-Cloud-Email-and-Collaboration-Services.cfm, May 2012.
12. D. Shin, H. Akkan, W. Claycomb, and K. Kim, "Toward rolebased provisioning and access control for infrastructure as a service (IaaS), " J. Internet Services and Applications, vol. 2, no. 3, pp. 243-255, 2011.
13. D. Shin, Y. Wang, and W. Claycomb, "A policy-based decentralized authorization management framework for cloud computing, " in ACM Symposium on Applied Computing (ACM SAC), 2012.
14. F. Greitzer and R. Hohimer, "Modeling human behavior to anticipate insider attacks, " Journal of Strategic Security, vol. 4, no. 2, 2011.
15. D. Cappelli, A. Moore, R. Trzeciak, and T. J. Shimeall, "Common sense guide to prevention and detection of insider threats 3rd edition version 3.1, " Carnegie Mellon University/SEI, Tech. Rep., January 2009. [Online]. Available: http://www.cert.org/archive/pdf/CSG-V3.pdf.
16. J. Montelibano and A. Moore, "Insider threat security reference architecture, " Hawaii International Conference on System Sciences, vol. 0, pp. 2412-2421, 2012.
17. C. for the Protection of National Infrastructure (CPNI), "Risk assessment for personnel security: A guide, " Centre for the Protection of National Infrastructure (CPNI), Tech. Rep., 2010.
18. F. Greitzer, L. Kangas, C. Noonan, A. Dalton, and R. Hohimer, "Identifying at-risk employees: Modeling psychosocial precursors of potential insider threats, " in 45th Hawaii International Conference on System Science (HICSS), January 2012.
19. C. for the Protection of National Infrastructure (CPNI), "Preemployment screening: A good practice guide, " Centre for the Protection of National Infrastructure (CPNI), Tech. Rep., September 2011.
20. M. Hanley, "Deriving candidate technical controls and indicators of insider attack from socio-technical models and data, " Carnegie Mellon University/SEI, Tech. Rep., January 2011. [Online]. Available: http://www.cert.org/archive/pdf/11tn003.pdf.
21. K. Ilgun, R. Kemmerer, and P. Porras, "State transition analysis: a rule-based intrusion detection approach, " Software Engineering, IEEE Transactions on, vol. 21, no. 3, pp. 181 -199, mar 1995.
22. J. Rotkowska, "Subverting vista kernel for fun and profit, " Black Hat USA, Tech. Rep., 2006. [Online]. Available: http://blackhat.com/ presentations/bh-usa-06/BH-US-06-Rutkowska.pdf.
23. K. Kortchinsky, "Cloudburst: A vmware guest to host escape story, " Black Hat USA, Tech. Rep., 2009. [Online]. Available: http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky- Cloudburst-PAPER.pdf.
24. Federal Bureau of Investigations, "Economic espionage: How to spot a possible insider threat, " May 2012. [Online]. Available: http://www.fbi.gov/news/stories/2012/may/insider051112/insider051112.
25. H. Takabi, J. Joshi, and G. Ahn, "Security and privacy challenges in cloud computing environments, " Security Privacy, IEEE, vol. 8, no. 6, pp. 24 -31, nov.-dec. 2010.