Today’s cloud providers strive to attract customers with better services and less downtime in a highly competitive market. The need for minimizing the operational cost unavoidably leads cloud providers to rely on third party remote administrators for fulfilling regular maintenance tasks. In such a scenario, the lack of trust in those third party remote administrators paired with the extra privileges granted to them to complete the maintenance tasks usually implies undesirable security threats. A dishonest remote administrator, or an attacker armed with the stolen credential of a remote administrator, can pose severe insider threats to both the cloud provider and its tenants. In this paper, we take the first step towards understanding and mitigating such insider threats of remote administrators in clouds. Specifically, we first model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact through optimizing the task assignments with respect to given constraints. Finally, the simulation results demonstrate the effectiveness of our solution in various scenarios.
M.Albanese and S.Jajodia, A graphical model to assess the impact of multi-step attacks, The Journal of Defense Modeling & Simulation15 (2018), 79–93.
2.
M.Albanese, S.Jajodia and S.Noel, Time-efficient and cost-effective network hardening using attack graphs, in: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), 2012, pp. 1–12.
3.
N.Alhebaishi, L.Wang, S.Jajodia and A.Singhal, Threat modeling for cloud data center infrastructures, in: Foundations and Practice of Security – 9th International Symposium, FPS, Revised Selected Papers, Québec City, QC, Canada, October 24–25, 2016, Vol. 2016, 2016, pp. 302–319.
4.
N.Alhebaishi, L.Wang, S.Jajodia and A.Singhal, Modeling and mitigating the insider threat of remote administrators in clouds, in: Data and Applications Security and Privacy XXXII – 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings, Bergamo, Italy, July 16–18, 2018, 2018, pp. 3–20.
5.
Q.Althebyan and B.Panda, A knowledge-base model for insider threat prediction, in: 2007 IEEE SMC Information Assurance and Security Workshop, 2007, pp. 239–246. doi:10.1109/IAW.2007.381939.
6.
Amazon Web Services, https://aws.amazon.com/, 2018, Online; accessed 28/02/2018.
7.
P.Ammann, D.Wijesekera and S.Kaushik, Scalable, graph-based network vulnerability analysis, in: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS, Washington, DC, USA, November 18–22, 2002, 2002, pp. 217–224.
J.Bayuk and A.Mostashari, Measuring systems security, Systems Engineering16(1) (2013), 1–14. doi:10.1002/sys.21211.
10.
M.Bishop, S.Engle, S.Peisert, S.Whalen and C.Gates, We have met the enemy and he is us, in: Proceedings of the 2008 New Security Paradigms Workshop, NSPW ’08, ACM, New York, NY, USA, 2008, pp. 1–12. doi:10.1145/1595676.
11.
S.Bleikertz, A.Kurmus, Z.A.Nagy and M.Schunter, Secure cloud maintenance: Protecting workloads against insider attacks, in: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’12, ACM, New York, NY, USA, 2012, pp. 83–84.
12.
D.Borbor, L.Wang, S.Jajodia and A.Singhal, Diversifying network services under cost constraints for better resilience against unknown attacks, in: Data and Applications Security and Privacy XXX – 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings, Trento, Italy, July 18–20, 2016, 2016, pp. 295–312.
13.
D.Borbor, L.Wang, S.Jajodia and A.Singhal, Securing networks against unpatchable and unknown vulnerabilities using heterogeneous hardening options, in: Data and Applications Security and Privacy XXXI, G.Livraga and S.Zhu, eds, Cham, Springer International Publishing, 2017, pp. 509–528.
14.
T.BrancoJr. and H.Santos, What is missing for trust in the cloud computing?, in: Proceedings of the 2016 ACM SIGMIS Conference on Computers and People Research, SIGMIS-CPR ’16, ACM, New York, NY, USA, 2016, pp. 27–28.
15.
X.Chen, M.Zhang, Z.M.Mao and P.Bahl, Automating network application dependency discovery: Experiences, limitations, and new solutions, in: 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8–10, 2008, San Diego, California, USA, Proceedings, 2008, pp. 117–130.
16.
R.Chinchani, A.Iyer, H.Q.Ngo and S.Upadhyaya, Towards a theory of insider threat assessment, in: 2005 International Conference on Dependable Systems and Networks (DSN’05), 2005, pp. 108–117. doi:10.1109/DSN.2005.94.
17.
W.R.Claycomb and A.Nicoll, Insider threats to cloud computing: Directions for new research challenges, in: 2012 IEEE 36th Annual Computer Software and Applications Conference, 2012, pp. 387–394. doi:10.1109/COMPSAC.2012.113.
18.
Cloud Security Alliance, Security guidance for critical areas of focus in cloud computing v 3.0, 2011.
19.
Cloud Security Alliance, Top threats to cloud computing, 2018. Available at https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
20.
K.Dahbur, B.Mohammad and A.B.Tarakji, A survey of risks, threats and vulnerabilities in cloud computing, in: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ISWSA ’11, ACM, New York, NY, USA, 2011, pp. 12:1–12:6.
21.
R.Dewri, N.Poolsappasit, I.Ray and D.Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, 2007, pp. 204–213.
22.
R.Dewri, I.Ray, N.Poolsappasit and D.Whitley, Optimal security hardening on attack tree models of networks: A cost-benefit analysis, International Journal of Information Security11(3) (2012), 167–188. doi:10.1007/s10207-012-0160-y.
23.
M.Doucet and M.Lari, Cyber security and cybercrime in Canada, 2017, 2018, available at https://www150.statcan.gc.ca/n1/en/catalogue/71-607-X2018007.
24.
M.Frigault and L.Wang, Measuring network security using Bayesian network-based attack graphs, in: Computer Software and Applications, 2008. COMPSAC ’08. 32nd Annual IEEE International, 2008, pp. 698–703.
D.E.Golberg, Genetic Algorithms in Search, Optimization, and Machine Learning, Vol. 1989, Addison-Wesley, 1989.
27.
Google Cloud Platform, 2018, https://cloud.google.com/, Online; accessed 28/02/2018.
28.
N.Gruschka and M.Jensen, Attack surfaces: A taxonomy for attacks on cloud services, in: 2010 IEEE 3rd International Conference on Cloud Computing, IEEE, 2010, pp. 276–279. doi:10.1109/CLOUD.2010.23.
29.
M.Gupta, J.Rees, A.Chaturvedi and J.Chi, Matching information security vulnerabilities to organizational security profiles: A genetic algorithm approach, Decision Support Systems41(3) (2006), 592–603. doi:10.1016/j.dss.2004.06.004.
30.
T.Halabi and M.Bellaiche, Towards quantification and evaluation of security of cloud service providers, Journal of Information Security and Applications33(Supplement C) (2017), 55–65. doi:10.1016/j.jisa.2017.01.007.
ISO Std IEC, ISO 27017, Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services (DRAFT), http://www.iso27001security.com/html/27017.html, 2012.
33.
G.Jakobson, Mission cyber security situation assessment using impact dependency graphs, in: 14th International Conference on Information Fusion, 2011, pp. 1–8.
34.
V.Kann, A compendium of np optimization problems, in: WWW Spring 1994, 1994.
35.
M.Li, W.Zang, K.Bai, M.Yu and P.Liu, Mycloud: Supporting user-configured privacy protection in cloud computing, in: Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC ’13, ACM, New York, NY, USA, 2013, pp. 59–68. doi:10.1145/2523649.2523680.
36.
J.Luna, H.Ghani, D.Germanus and N.Suri, A security metrics framework for the cloud, in: Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, 2011, pp. 245–250.
37.
J.Luna, H.Ghani, D.Germanus and N.Suri, A security metrics framework for the cloud, in: Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, IEEE, 2011, pp. 245–250.
38.
S.Mathew, S.Upadhyaya, D.Ha and H.Q.Ngo, Insider abuse comprehension through capability acquisition graphs, in: 2008 11th International Conference on Information Fusion, 2008, pp. 1–8.
39.
J.McHugh, Quality of protection: Measuring the unmeasurable?, in: Proceedings of the 2nd ACM Workshop on Quality of Protection, QoP 2006, Vol. 30, Alexandria, VA, USA, October 30, 2006, 2006, pp. 1–2.
40.
P.Mell, K.Scarfone and S.Romanosky, Common vulnerability scoring system, IEEE Security & Privacy4(6) (2006), 85–89. doi:10.1109/MSP.2006.145.
41.
Microsoft Azure, https://azure.microsoft.com, 2018. Online; accessed 28/02/2018.
42.
A.Natarajan, P.Ning, Y.Liu, S.Jajodia and S.E.Hutchinson, Nsdminer: Automated discovery of network service dependencies, in: Proceedings of the IEEE INFOCOM 2012, Orlando, FL, USA, March 25–30, 2012, 2012, pp. 2507–2515. doi:10.1109/INFCOM.2012.6195642.
43.
National Institute of Standards and Technology: Cloud Computing Service Metrics Description, http://www.nist.gov/itl/cloud/upload/RATAX-CloudServiceMetricsDescription-DRAFT-20141111.pdf, 2015, Online; accessed 17/06/2015.
44.
W.Nzoukou, L.Wang, S.Jajodia and A.Singhal, A unified framework for measuring a network’s mean time-to-compromise, in: 2013 IEEE 32nd International Symposium on Reliable Distributed Systems, 2013, pp. 215–224. doi:10.1109/SRDS.2013.30.
B.PeddycordIII, P.Ning and S.Jajodia, On the accurate identification of network service dependencies in distributed systems, in: Strategies, Tools, and Techniques: Proceedings of the 26th Large Installation System Administration Conference, LISA 2012, San Diego, CA, USA, December 9–14, 2012, 2012, pp. 181–194.
47.
M.Pendleton, R.Garcia-Lebron, J.-H.Cho and S.Xu, A survey on systems security metrics, ACM Comput. Surv.49 (2016), 62:1–62:35. doi:10.1145/3005714.
48.
N.Poolsappasit, R.Dewri and I.Ray, Dynamic security risk management using Bayesian attack graphs, Dependable and Secure Computing, IEEE Transactions on9(1) (2012), 61–74. doi:10.1109/TDSC.2011.34.
49.
I.Ray and N.Poolsapassit, Computer security – ESORICS 2005: 10th European symposium on research in computer security, in: Proceedings, Ch. Using Attack Trees to Identify Malicious Attacks from Authorized Insiders, Milan, Italy, September 12–14, 2005, SpringerBerlin Heidelberg, 2005, pp. 231–246.
50.
A.Roy, S.Sural, A.K.Majumdar, J.Vaidya and V.Atluri, On optimal employee assignment in constrained role-based access control systems, ACM Trans. Manage. Inf. Syst.7 (2016), 10:1–10:24. doi:10.1145/2996470.
51.
R.S.Sandhu, E.J.Coyne, H.L.Feinstein and C.E.Youman, Role-based access control models, Computer29 (1996), 38–47. doi:10.1109/2.485845.
52.
P.Saripalli and B.Walters, Quirc: A quantitative impact and risk assessment framework for cloud security, in: 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp. 280–288. doi:10.1109/CLOUD.2010.22.
53.
A.Sarkar, S.Köhler, S.Riddle, B.Ludaescher and M.Bishop, Insider attack identification and prevention using a declarative approach, in: 2014 IEEE Security and Privacy Workshops, 2014, pp. 265–276. doi:10.1109/SPW.2014.41.
54.
R.E.Sawilla and X.Ou, Identifying critical attack assets in dependency attack graphs, in: Computer Security – ESORICS 2008, 13th European Symposium on Research in Computer Security, Proceedings, Málaga, Spain, October 6–8, 2008, 2008, pp. 18–34.
55.
F.B.Shaikh and S.Haider, Security threats in cloud computing, in: Internet Technology and Secured Transactions (ICITST), 2011 International Conference for, 2011, pp. 214–219.
56.
O.Sheyner, J.Haines, S.Jha, R.Lippmann and J.M.Wing, Automated generation and analysis of attack graphs, in: Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on, 2002, pp. 273–284. doi:10.1109/SECPRI.2002.1004377.
57.
O.Sheyner, J.Haines, S.Jha, R.Lippmann and J.M.Wing, Automated generation and analysis of attack graphs, in: Security and Privacy, Proceedings. 2002 IEEE Symposium on, IEEE, 2002, pp. 273–284. doi:10.1109/SECPRI.2002.1004377.
58.
S.Subashini and V.Kavitha, A survey on security issues in service delivery models of cloud computing, Journal of network and computer applications34(1) (2011), 1–11. doi:10.1016/j.jnca.2010.07.006.
59.
X.Sun, A.Singhal and P.Liu, Towards actionable mission impact assessment in the context of cloud computing, in: Data and Applications Security and Privacy XXXI – 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings, Philadelphia, PA, USA, July 19–21, 2017, 2017, pp. 259–274.
60.
W.K.Sze, A.Srivastava and R.Sekar, Hardening openstack cloud platforms against compute node compromises, in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’16, ACM, New York, NY, USA, 2016, pp. 341–352. doi:10.1145/2897845.2897851.
61.
L.Wang, M.Albanese and S.Jajodia, Network Hardening: An Automated Approach to Improving Network Security, Springer Publishing Company, Incorporated, 2014.
62.
L.Wang, S.Jajodia, A.Singhal, P.Cheng and S.Noel, k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities, IEEE Transactions on Dependable and Secure Computing11 (2014), 30–44. doi:10.1109/TDSC.2013.24.
63.
L.Wang, S.Jajodia, A.Singhal and S.Noel, k-zero day safety: Measuring the security risk of networks against unknown attacks, in: ESORICS, Springer, 2010, pp. 573–587.
64.
L.Wang, S.Jajodia, A.Singhal and S.Noel, k-zero day safety: Measuring the security risk of networks against unknown attacks, in: Computer Security – ESORICS 2010, 15th European Symposium on Research in Computer Security, Proceedings, Athens, Greece, September 20–22, 2010, 2010, pp. 573–587.
65.
L.Wang, S.Jajodia and A.E.Singhal, Network Security Metrics, Springer, 2017.
66.
L.Wang, S.Noel and S.Jajodia, Minimum-cost network hardening using attack graphs, Computer Communications29(18) (2006), 3812–3824. doi:10.1016/j.comcom.2006.06.018.
67.
L.Wang, A.Singhal and S.Jajodia, Toward measuring network security using attack graphs, in: Proceedings of the 2007 ACM Workshop on Quality of Protection, QoP ’07, ACM, New York, NY, USA, 2007, pp. 49–54. doi:10.1145/1314257.1314273.
68.
L.Wang, A.Singhal and S.Jajodia, Measuring the overall security of network configurations using attack graphs, in: IFIP Annual Conference on Data and Applications Security and PrivacySpringer, Berlin Heidelberg, 2007, pp. 98–112.
69.
L.Wang, M.Zhang, S.Jajodia, A.Singhal and M.Albanese, Modeling network diversity for evaluating the robustness of networks against zero-day attacks, in: Proceedings of ESORICS’14, 2014, pp. 494–511.
70.
L.Wang, M.Zhang, S.Jajodia, A.Singhal and M.Albanese, Modeling network diversity for evaluating the robustness of networks against zero-day attacks, in: Computer Security – ESORICS 2014 – 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7–11, 2014. Proceedings, Part II, 2014, pp. 494–511.
71.
S.Wang, Z.Zhang and Y.Kadobayashi, Exploring attack graph for cost-benefit security hardening: A probabilistic approach, Computers & security32 (2013), 158–169. doi:10.1016/j.cose.2012.09.013.
72.
M.Zhang, L.Wang, S.Jajodia, A.Singhal and M.Albanese, Network diversity: A security metric for evaluating the resilience of networks against zero-day attacks, IEEE Transactions on Information Forensics and Security11 (2016), 1071–1086. doi:10.1109/TIFS.2016.2516916.
73.
M.Zhang, L.Wang, S.Jajodia, A.Singhal and M.Albanese, Network diversity: A security metric for evaluating the resilience of networks against zero-day attacks, IEEE Trans. Information Forensics and Security11(5) (2016), 1071–1086. doi:10.1109/TIFS.2016.2516916.
