Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds

Alhebaishi, Nawaf; Wang, Lingyu; Jajodia, Sushil; Singhal, Anoop

doi:https://doi.org/10.1007/978-3-319-95729-6_1

Conference Proceedings

Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds

Documentation Topics

Published: July 10, 2018

Author(s)

Nawaf Alhebaishi (Concordia University), Lingyu Wang (Concordia University), Sushil Jajodia (GMU), Anoop Singhal (NIST)

Conference

Name: IFIP Annual Conference on Data and Applications Security and Privacy
Dates: July 2018
Location: Bergamo, Italy
Citation: DBSec 2018: Data and Applications Security and Privacy XXXII, Lecture Notes in Computer Science vol. 10980, pp. 3-20

Abstract

As today’s cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators including those from third party providers for fulfilling regular maintenance tasks. In such a scenario, the privileges granted for remote administrators to complete their assigned tasks may allow an attacker with stolen credentials of an administrator, or a dishonest remote administrator, to pose severe insider threats to both the cloud tenants and provider. In this paper, we take the first step towards understanding and mitigating such a threat. Specifically, we model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact through optimizing the task assignments with respect to given constraints. The simulation results demonstrate the effectiveness of our solution in various situations.

Keywords

insider threats; cloud security; attack mitigation; privilege escalation

Control Families

None selected

Documentation

Publication:
Conference Proceedings (DOI)

Supplemental Material:
Preprint (pdf)

Document History:
07/10/18: Conference Proceedings (Final)

Topics

Security and Privacy
modeling; threats

Technologies
cloud & virtualization