Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Alhebaishi, Nawafa; b; * | Wang, Lingyua | Jajodia, Sushilc | Singhal, Anoopd
Affiliations: [a] Concordia Institute for Information Systems Engineering, Concordia University, Quebec, Canada. E-mails: [email protected], [email protected] | [b] Faculty of Computing and Information Technology, King Abdulaziz University, Jeddag, KSA | [c] Center for Secure Information Systems, George Mason University, VA, USA. E-mail: [email protected] | [d] Computer Security Division, National Institute of Standards and Technology, MD, USA. E-mail: [email protected]
Correspondence: [*] Corresponding author. E-mail: [email protected].
Abstract: Today’s cloud providers strive to attract customers with better services and less downtime in a highly competitive market. The need for minimizing the operational cost unavoidably leads cloud providers to rely on third party remote administrators for fulfilling regular maintenance tasks. In such a scenario, the lack of trust in those third party remote administrators paired with the extra privileges granted to them to complete the maintenance tasks usually implies undesirable security threats. A dishonest remote administrator, or an attacker armed with the stolen credential of a remote administrator, can pose severe insider threats to both the cloud provider and its tenants. In this paper, we take the first step towards understanding and mitigating such insider threats of remote administrators in clouds. Specifically, we first model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact through optimizing the task assignments with respect to given constraints. Finally, the simulation results demonstrate the effectiveness of our solution in various scenarios.
Keywords: Security metric, cloud security, insider attack, attack graph, service dependency graph
DOI: 10.3233/JCS-191306
Journal: Journal of Computer Security, vol. 27, no. 4, pp. 427-458, 2019
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]