A taxonomy of cloud attack consequences and mitigation strategies: The role of access control and privileged access management

Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015

Volumn 1, Issue , 2015, Pages 1073-1080

  Tep, Kin Suntana ^a   Martini, Ben ^a   Hunt, Ray ^a,b   Choo, Kim Kwang Raymond ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

^b UNIVERSITY OF CANTERBURY   (New Zealand)

Author keywords

Cloud access control; Cloud attack consequences; Cloud mitigation strategies; Privileged access management

Indexed keywords

DIGITAL STORAGE; TAXONOMIES;

ACCESS MANAGEMENT; CLOUD ENVIRONMENTS; CLOUD SECURITIES; CLOUD SERVICES; MITIGATION STRATEGY; SENSITIVE DATAS;

ACCESS CONTROL;

EID: 84967214668     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/Trustcom.2015.485     Document Type: Conference Paper

References (26)

1. R. T. Snodgrass, S. S. Yao, and C. Collberg, "Tamper detection in audit logs," presented at the Proceedings of the Thirtieth international conference on Very large data bases-Volume 30, Toronto, Canada, 2004.
2. D. Catteddu and G. Hogben, "Cloud Computing, Benefits, risks and recommendations for information security," European Network and Infomation Security Agency 2009.
3. W. R. Claycomb and A. Nicoll, "Insider Threats to Cloud Computing: Directions for New Research Challenges," in Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual, 2012, pp. 387-394.
4. A. Alva, O. Caleff, G. Elkins, et al., "The Notorious Nine Cloud Computing Top Threats in 2013," Cloud Security Alliance 2013.
5. S. Collett. (2015, 01/05/2015). Forecast 2015: IT spending on an upswing. Available: http://www.computerworld.com/article/ 2840907/forecast-2015-it-spending-on-an-upswing.html
6. I. Muttik and C. Barton, "Cloud security technologies," Inform. Security Tech. Rep., vol. 14, pp. 1-6, 2009.
7. C. Modi, D. Patel, B. Borisaniya, et al., "A survey on security issues and solutions at different layers of Cloud computing," The J. of Supercomput., vol. 63, pp. 561-592, Feb 2013.
8. A. Tripathi and A. Mishra, "Cloud computing security considerations," in Signal Process., Commun. and Comput. (ICSPCC), 2011 IEEE Int. Conference on, 2011, pp. 1-5.
9. J. L. Spears and H. Barki, "User participation in information systems security risk management," MIS quarterly, vol. 34, pp. 503-522, Sep 2010.
10. G. Silowash, D. Cappelli, A. Moore, et al., "Common Sense Guide to Mitigating Insider Threats 4th Edition," DTIC Document 2012.
11. I. J. Chen and K. Popovich, "Understanding customer relationship management (CRM)," Buss. Process Manage. J., vol. 9, pp. 672-688, 2003.
12. W. J. Blackert, D. M. Gregg, A. K. Castner, et al., "Analyzing interaction between distributed denial of service attacks and mitigation technologies," in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, 2003, pp. 26-36 vol.1.
13. D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Gener. Comput. Syst., vol. 28, pp. 583-592, 2012.
14. C. Budd. (26/04/2015). Security Threats. Available: https://technet.microsoft.com/enus/ library/cc723507.aspx#XSLTsection124121120120
15. V. E. Solutions, "2013 Data Breach Investigations Report," Solutions, Verizon Enterprise, http://www.verizonenterprise.com/resources/reports/rp-databreach-investigations-report-2013-en-xg.pdf2014.
16. S. Srinivasamurthy and D. Liu, "Survey on cloud computing security," in Proc. Conf. on Cloud Computing, CloudCom, 2010.
17. M. T. Khorshed, A. B. M. S. Ali, and S. A. Wasimi, "A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing," Future Gener. Comput. Syst., vol. 28, pp. 833-851, Jun 2012.
18. V. E. Solutions, "Verizon 2014 data breach investigations report," http://www.verizonenterprise.com/DBIR/2014/reports/rp-dbir-2014-executive-summary-en-xg.pdf2014.
19. J. Diesner and K. M. Carley, "Exploration of communication networks from the Enron email corpus," in SIAM International Conference on Data Mining: Workshop on Link Analysis, Counterterrorism and Security, Newport Beach, CA, 2005.
20. B. Schneier and J. Kelsey, "Secure audit logs to support computer forensics," ACM Trans. Inf. Syst. Secur., vol. 2, pp. 159-176, 1999.
21. M. McCormick, "Data Theft: A Prototypical Insider Threat," in Insider Attack and Cyber Security. vol. 39, S. Stolfo, S. Bellovin, Eds., et al., ed: Springer US, 2008, pp. 53-68.
22. A. J. Duncan, S. Creese, and M. Goldsmith, "Insider Attacks in Cloud Computing," in Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, 2012, pp. 857-862.
23. K. Ruan, J. Carthy, T. Kechadi, et al., "Cloud Forensics," in Advances in Digital Forensics VII. vol. 361, G. Peterson and S. Shenoi, Eds., ed: Springer Berlin Heidelberg, 2011, pp. 35-46.
24. Symantec, "Avoiding the Hidden Costs of the Cloud," https://www.symantec.com/content/en/us/about/media/pdfs/bstate-of-cloud-global-results-2013.en-us.pdf2013.
25. N. Gruschka and M. Jensen, "Attack Surfaces: A Taxonomy for Attacks on Cloud Services," in IEEE CLOUD, 2010, pp. 276-279.
26. M. Kandias, N. Virvilis, and D. Gritzalis, "The Insider Threat in Cloud Computing," in Critical Inform. Infrastructure Security, ed: Springer, 2013, pp. 93-103.