A Survey on Insider Attacks in IAAS-Based Cloud

A Survey on Insider Attacks in IAAS-Based Cloud

DOI: 10.4018/978-1-5225-7924-3.ch003

Abstract

This chapter provides a literature review and the related work about the insider attacks and solutions in cloud environment. The authors classified solutions into three categories: trusted computing-based approaches, encryption-based approaches, and virtualization-based approaches. The trusted computing approaches use remote attestation, sealed storage, and integrity measurement. Encryption-based approaches use the cryptographic operations along with cloud computing security mechanisms and policies. Virtualization-based approaches use the virtualization technology to solve critical security issues using trusted computing approaches. At the end of this chapter, they compare various solutions and summarize the problems and solutions.
Chapter Preview
Top

Insider Attack In Cloud Computing

According to the cert definition of insider threat “a malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.” (Kandias, M., et.al., 2011). an insider attack can be defined as an intentional misuse of computer system which has potential data about an organization. According to this definition attacker can be employee, contractor and/or third party business partners. The damages of insider threat are: it sabotages theft of confidential information, trade secrets and intellectual property (IP). 85% of reported fraud is committed by people within the organization (Kandias, M., et.al., 2011). A typical organization loses approximately 5% of its annual revenue to insider fraud and 330 cases of insider fraud identified during 2010.such that every organization needs secure management of sensitive data and intellectual property. in cloud environment, most of insider threat can be done by cloud insiders such that they should provide robust security algorithm on client data (Theoharidou, M., et.al., 2005).

Complete Chapter List

Search this Book:
Reset