Mitigating insider threat in cloud relational databases

被引：8

作者：

Yaseen, Qussai ^{[1
]}

Althebyan, Qutaibah ^{[2
]}

Panda, Brajendra ^{[4
]}

Jararweh, Yaser ^{[3
]}

机构：

[1] Jordan Univ Sci & Technol, Comp Informat Syst Dept, Irbid, Jordan

[2] Jordan Univ Sci & Technol, Software Engn Dept, Irbid, Jordan

[3] Jordan Univ Sci & Technol, Dept Comp Sci, Irbid, Jordan

[4] Univ Arkansas, Dept Comp Sci & Comp Engn, Fayetteville, AR 72701 USA

来源：

SECURITY AND COMMUNICATION NETWORKS | 2016年 / 9卷 / 10期

关键词：

cloud computing; databases; insider threat; security; SECURITY;

D O I：

10.1002/sec.1405

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Cloud security has become one of the emergent issues because of the immense growth of cloud services. A major concern in cloud security is the insider threat because of the harm that it poses. Therefore, defending cloud systems against insider attacks has become a key demand. This work deals with insider threat in cloud relational database systems. It reveals the flaws in cloud computing that insiders may use to launch attacks and discusses how load balancing across availability zones may increase insider threat. To mitigate this kind of threat, the paper proposes four models, which are peer-to-peer model, centralized model, Mobile-Knowledgebases model, and Guided Mobile-Knowledgebases model, and it discusses their advantages as well as their limitations. Moreover, the paper provides experiments and analysis that compare among the proposed models, demonstrate their effectiveness, and show the conditions under which they work with highest performance. Copyright (c) 2016 John Wiley & Sons, Ltd

引用

页码：1132 / 1145

页数：14

共 50 条

[41] Complexity of Insider Attacks to Databases
Kul, Gokhan
Upadhyaya, Shambhu
Hughes, Andrew
PROCEEDINGS OF THE 2017 INTERNATIONAL WORKSHOP ON MANAGING INSIDER SECURITY THREATS (MIST'17), 2017, : 25 - 32
[42] RELATIONAL DATABASES
BAKER, HG
COMMUNICATIONS OF THE ACM, 1992, 35 (04) : 16 - &
[43] Software Decoys for Insider Threat
Park, Younghee
Stolfo, Salvatore J.
7TH ACM SYMPOSIUM ON INFORMATION, COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS 2012), 2012,
[44] Insider Threat Detection: A Review
Manoharan, Phavithra
Yin, Jiao
Wang, Him
Zhang, Yanchun
Ye, Wenjie
2024 INTERNATIONAL CONFERENCE ON NETWORKING AND NETWORK APPLICATIONS, NANA 2024, 2024, : 147 - 153
[45] Inside the Insider Threat (Introduction)
Bishop, Matt
Nance, Kara
Clark, Jason
PROCEEDINGS OF THE 50TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, 2017, : 2637 - 2637
[46] Intelligence Analyses and the Insider Threat
Santos, Eugene, Jr.
Hien Nguyen
Yu, Fei
Kim, Keum Joo
Li, Deqing
Wilkinson, John T.
Olson, Adam
Russell, Jacob
Clark, Brittany
IEEE TRANSACTIONS ON SYSTEMS MAN AND CYBERNETICS PART A-SYSTEMS AND HUMANS, 2012, 42 (02): : 331 - 347
[47] Combating the insider cyber threat
Greitzer, Frank L.
Moore, Andrew P.
Cappelli, Dawn M.
Andrews, Dee H.
Carroll, Lynn A.
Hull, Thomas D.
IEEE SECURITY & PRIVACY, 2008, 6 (01) : 61 - 64
[48] An Insider Threat Prediction Model
Kandias, Miltiadis
Mylonas, Alexios
Virvilis, Nikos
Theoharidou, Marianthi
Gritzalis, Dimitris
TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS, 2010, 6264 : 26 - 37
[49] Addressing the Insider Threat Introduction
Pfleeger, Shari Lawrence
Stolfo, Salvatore J.
IEEE SECURITY & PRIVACY, 2009, 7 (06) : 10 - 13
[50] Inside the Insider Threat (Introduction)
Bishop, Matt
Nance, Kara
Claycomb, William
PROCEEDINGS OF THE 49TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS 2016), 2016, : 2728 - 2728

← 1 2 3 4 5 →