Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud

The most dangerous threats faced by organizations are insider attacks. Since insiders are aware of the underlying system, handling insider attack is a most deterring task. The volume of attacks posed by insiders on cloud is very much higher than the traditional systems, as the attack vector and scope of the attack is high in cloud(1). Insider attack affects the reputation and productivity of the organization and drags it into losses. Insiders may cause damage accidentally or intentionally. Proper management of privileges reduces the threats posed by insiders. So by properly managing privileges, insider threats can be reduced. This paper proposes a privilege management mechanism which manages the users by incorporating risk, trust into an access control mechanism to develop more scalable and flexible prevention mechanism against insider attacks. (C) 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).