Title :
Insider Attacks in Cloud Computing
Author :
Duncan, Adrian ; Creese, Sadie ; Goldsmith, Michael
Author_Institution :
Dept. of Comput. Sci., Univ. Of Oxford, Oxford, UK
Abstract :
The computer-security industry is familiar with the concept of a Malicious Insider. However, a malicious insider in the cloud might have access to an unprecedented amount of information and on a much greater scale. Given the level of threat posed by insiders, and the rapid growth of the cloud computing ecosystem, we examine here the concept of insider attacks in cloud computing. Specifically, if more of our assets are going to reside in the cloud, and as increasingly our lives, enterprises and prosperity may depend upon cloud, it is imperative that we understand the scope for insider attacks so that we might best prepare defenses. We need to understand whether cloud might expose our assets to increased threat in terms of both actors and attack surface. We present here an assessment of current insider threat definitions and classifications, and their applicability to the cloud. We elucidate the nature of insiders with reference to the cloud ecosystem and close with examples of insider attacks which are specific to cloud environments (and hence hard to detect using current techniques).
Keywords :
cloud computing; pattern classification; security of data; actors; attack surface; cloud computing ecosystem; computer-security industry; insider attacks; insider threat classifications; insider threat definitions; malicious insider; Cloud computing; Companies; Computers; Ecosystems; Security; Servers; Virtual machine monitors; Cloud Computing; Cloud Computing Security; Insider Attacks; Insider Threat; Malicious Insider;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.188