The insider threat in cloud computing

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6983 LNCS, Issue , 2013, Pages 93-103

  Kandias, Miltiadis ^a   Virvilis, Nikos ^a   Gritzalis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Cloud Computing; Insider Threat; Security Measures

Indexed keywords

COMPUTATIONAL RESOURCES; EMERGING TECHNOLOGIES; INSIDER THREAT; IT INFRASTRUCTURES; MALICIOUS INSIDERS; POTENTIAL PROBLEMS; SECURITY AND PRIVACY; SECURITY MEASURE;

CRITICAL INFRASTRUCTURES; DISTRIBUTED DATABASE SYSTEMS; WEB SERVICES;

CLOUD COMPUTING;

EID: 84885822769     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-41476-3_8     Document Type: Conference Paper

References (32)

1. Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to Information Systems and the effectiveness of ISO 17799. Computers & Security 24(6), 472-484 (2005)
2. Bishop, M., Gates, C.: Defining the Insider Threat. In: Proc. of the 4th Annual Workshop on Cyber Security and Information Intelligence Research, Tennessee, vol. 288 (2008)
3. Shaw, E., Ruby, K., Post, J.: The insider threat to information systems: The psychology of the dangerous insider. Security Awareness Bulletin 2, 1-10 (1988)
4. Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. UCB/EECS-2009-28. Univ. of California at Berkley, USA (2009)
5. Kandias, M., Mylonas, A., Theoharidou, M., Gritzalis, D.: Exploitation of auctions for outsourcing security-critical projects. In: Proc. of the 16th IEEE Symposium on Computers and Communications (ISCC 2011), Greece (2011)
6. Anderson, J.: Computer security threat monitoring and surveillance. Technical Report, J. Anderson Company, Pennsylvania (1980)
7. Schultz, E.: A framework for understanding and predicting insider attacks. Computers & Security 21(6), 526-531 (2002)
8. Thompson, P.: Weak models for insider threat detection. In: Proc. of the Defense and Security Symposium, Florida (2004)
9. Bradford, P., Hu, N.: A layered approach to insider threat detection and proactive forensics. In: Proc. of the 21st Annual Computer Security Applications Conference (2005)
10. Eberle, W., Holder, L.: Insider threat detection using graph-based approaches. In: Proc. of the Cybersecurity Applications and Technology Conference for Homeland Security, pp. 237-241. IEEE Computer Society (2009)
11. Spitzner, L.: Honeypots: Catching the insider threat. In: Proc. of the 19th Annual Computer Security Applications Conference, USA, (2003)
12. Debar, H., Dacier, M., Wespi, A.: A Revised Taxonomy for Intrusion Detection Systems. Annales des Teecommunications 55(7-8), 361-378 (2000)
13. Nguyen, N.T., Reiher, P.L., Kuenning, G.: Detecting Insider Threats by Monitoring System Call Activity. In: Proc. of the IEEE Workshop on Information Assurance, pp. 45-52 (2003)
14. Salem, M., Hershkop, S., Stolfo, S.J.: A Survey of Insider Attack Detection Research. In: Insider Attack and Cyber Security, vol. 39, pp. 69-90 (2008)
15. Magklaras, G., Furnell, S.: Insider Threat Prediction Tool: Evaluating the probability of IT misuse. Computers & Security 21(1), 62-73 (2002)
16. Magklaras, G., Furnell, S.: A preliminary model of end user sophistication for insider threat prediction in it systems. Computers and Security 24, 371-380 (2005)
17. Magklaras, G., Furnell, S.: Towards an insider threat prediction specification language. Information Management & Computer Security 14(4), 361-381 (2006)
18. Althebyan, Q., Panda, B.: A knowledge-base model for insider threat prediction. In: Proc. of the IEEE Workshop on Information Assurance and Security, USA, pp. 239-246 (2007)
19. Wang, H., Liu, S., Zhang, X.: A prediction model of insider threat based on multi-agent. In: Proc. of the 1st International Symposium on Pervasive Computing and Applications (2006)
20. Yaseen, Q., Panda, B.: Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems. In: Proc. of the International Workshop on Software Security Processes, Canada, pp. 450-455 (2009)
21. Mun, H., Han, K., Yeun, C., Kim, K.: Yet another intrusion detection system against insider attacks. In: Proc. of the SCIS 2008 (2008)
22. Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D.: An Insider Threat Prediction Model. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) TrustBus 2010. LNCS, vol. 6264, pp. 26-37. Springer, Heidelberg (2010)
23. Parrilli, D.: Legal Issues in Grid and Cloud Computing. In: Stanoevska-Slabeva, K., Wozniak, T., Ristol, R. (eds.) Grid and Cloud Computing: A Business Perspective on Technology and Applications, pp. 97-118. Springer, Berlin (2010)
24. Claessens, J., Preneel, B., Vandewalle, J. (How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions. ACM Transactions on Internet Technology 3(1), 28-48 (2003)
25. Johnson, C.: CyberSafety: On the Interactions between Cyber Security and the Software Engineering of Safety-Critical Systems
26. Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice). O'Reilly Media, USA (2009)
27. Gritzalis, D., Theoharidou, M., Kalimeri, E.: Towards an interdisciplinary information security education model. In: Proc. of the 4th World Conference on Information Security Education (WISE-4), Moscow (May 2005)
28. Iliadis, J., Gritzalis, D., Spinellis, D., Preneel, B., Katsikas, S.: Evaluating certificate status information mechanisms. In: Proc. of the 7th ACM Computer and Communications Security Conference (CCS 2000), pp. 1-9. ACM Press (October 2000)
29. Mylonas, A., Dritsas, S., Tsoumas, V., Gritzalis, D.: Smartphone Security Evaluation - The Malware Attack Case. In: Proc. of the 8th International Conference on Security and Cryptography (SECRYPT 2011), Spain, pp. 25-36 (July 2011)
30. Lekkas, D., Gritzalis, D.: Long-term verifiability of healthcare records authenticity. International Journal of Medical Informatics 76(5-6), 442-448 (2006)
31. Theoharidou, M., Kotzanikolaou, P., Gritzalis, D.: Risk-Based Criticality Analysis. In: Palmer, C., Shenoi, S. (eds.) Critical Infrastructure Protection III. IFIP AICT, vol. 311, pp. 35-49. Springer, Heidelberg (2009)
32. Lambrinoudakis, C., Gritzalis, D., Tsoumas, V., Karyda, M., Ikonomopoulos, S.: Secure electronic voting: The current landscape. In: Gritzalis, D. (ed.) Secure Electronic Voting, pp. 110-122. Kluwer, USA (2003)