An overview of insider attacks in cloud computing

Abstract

Summary Cloud computing offers the potential for significant cost reductions and increased agility for users. However, security concerns continue to be raised as a potential barrier to uptake for private, community and public clouds. A report from the European Network and Information Security Agency on the Priorities for Research on Current and Emerging Network Technologies highlighted trusted cloud models as one of its top priorities for further research. More recently - September 2012 - Carnegie Mellon University's computer emergency response team have released a paper describing insider threats to cloud computing as a direction for new research. Further, a project completed at the University of Warwick in 2010 investigated security aspects of cloud computing and in particular the potential for cascade effects. This research involved a detailed modelling of the threat and vulnerability landscape, including the incentives and motivations that might drive attackers. One of the conclusions is that insider threats potentially pose the most significant source of risk. This paper presents the progress made on furthering this research by investigating what attacks are available to insiders together with the damage and implications of such attacks.