An insider threat aware access control for cloud relational databases

Published: 01 September 2017

Abstract

The request-response paradigm that consists of policy decision points (PDPs) and policy enforcement points (PEPs) is used for access control in cloud computing. The model uses PEP-side caching to increase availability and reduce the processing overhead on the PDP. This paper shows that PEP-side caching can be exploited by insiders to bypass cloud access control mechanisms, which increases the insider threat in cloud computing. To overcome this problem, the paper proposes a manageable model that detects and prevents insider threat at the PEP side with minimum overhead on the performance of the PEP and the PDP. The model has been extensively tested, and the results show its effectiveness in mitigating insider threat. Moreover, the experiments demonstrate that the overhead the model imposes on the PEP and the PDP is low. Lemmas, theorems and an algorithm are provided to show the correctness and applicability of the proposed approach.
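Added illustration (not the paper's model or code) of the window the abstract describes: a PEP that caches PDP decisions keeps honouring a privilege after the PDP has revoked it, until the cached entry expires. The policy-version tag used in the hardened variant is an assumption made for this example, not the paper's mechanism.

```python
class PDP:
    """Policy decision point: owns the grants and a policy version counter."""
    def __init__(self, grants):
        self.grants = set(grants)
        self.version = 1
        self.evaluations = 0  # number of PDP round trips, i.e. PDP load

    def decide(self, user, table, action):
        self.evaluations += 1
        return (user, table, action) in self.grants

    def revoke(self, user, table, action):
        self.grants.discard((user, table, action))
        self.version += 1  # every policy change bumps the version


class CachingPEP:
    """Policy enforcement point with a TTL-based decision cache."""
    def __init__(self, pdp, ttl, check_version=False):
        self.pdp, self.ttl, self.check_version = pdp, ttl, check_version
        self.cache = {}  # (user, table, action) -> (decision, expires, version)

    def authorize(self, user, table, action, now):
        key = (user, table, action)
        hit = self.cache.get(key)
        if hit is not None:
            decision, expires, version = hit
            fresh = now < expires
            if self.check_version:
                # Assumed mitigation: a cached decision is only valid for the
                # policy version it was computed under (PEP must learn the version).
                fresh = fresh and version == self.pdp.version
            if fresh:
                return decision  # served from cache, no PDP round trip
        decision = self.pdp.decide(*key)
        self.cache[key] = (decision, now + self.ttl, self.pdp.version)
        return decision


def revocation_window(check_version):
    """Constructed scenario: alice may read 'salaries', then the grant is revoked."""
    pdp = PDP({("alice", "salaries", "read")})
    pep = CachingPEP(pdp, ttl=60, check_version=check_version)
    before = pep.authorize("alice", "salaries", "read", now=0)   # granted and cached
    pdp.revoke("alice", "salaries", "read")                       # policy changes at the PDP
    during = pep.authorize("alice", "salaries", "read", now=10)  # inside the cache TTL
    after = pep.authorize("alice", "salaries", "read", now=61)   # after the TTL
    return before, during, after, pdp.evaluations
```

Without the version check the PEP grants the revoked read for the rest of the TTL; with it the stale entry is rejected at the cost of one extra PDP evaluation, which is the overhead trade-off the abstract refers to.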


Cited By

Distributed PEP–PDP Architecture for Cloud Databases. Wireless Personal Communications: An International Journal 128(3), 1733–1761 (2023). doi:10.1007/s11277-022-10017-4. Online publication date: 1 Feb 2023.


Published In

Cluster Computing, Volume 20, Issue 3, September 2017 (926 pages)

Publisher

Kluwer Academic Publishers, United States


Author Tags

1. Access control
2. Cloud computing
3. Insider threat
4. PEP-side caching
5. Relational databases
