Adrian Duncan scite author profile

Summary Cloud computing offers the potential for significant cost reductions and increased agility for users. However, security concerns continue to be raised as a potential barrier to uptake for private, community and public clouds. A report from the European Network and Information Security Agency on the Priorities for Research on Current and Emerging Network Technologies highlighted trusted cloud models as one of its top priorities for further research. More recently—September 2012—Carnegie Mellon University's computer emergency response team have released a paper describing insider threats to cloud computing as a direction for new research. Further, a project completed at the University of Warwick in 2010 investigated security aspects of cloud computing and in particular the potential for cascade effects. This research involved a detailed modelling of the threat and vulnerability landscape, including the incentives and motivations that might drive attackers. One of the conclusions is that insider threats potentially pose the most significant source of risk. This paper presents the progress made on furthering this research by investigating what attacks are available to insiders together with the damage and implications of such attacks. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Cloud Computing: Insider Attacks on Virtual Machines during Migration

Duncan

Creese

Goldsmith

et al. 2013

View full text Add to dashboard Cite

A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing

Duncan

Creese

Goldsmith

2019

View full text Add to dashboard Cite

Attacks on cloud-computing services are becoming more prevalent with recent victims including Tesla, Aviva Insurance and SIM-card manufacturer Gemalto [1]. The risk posed to organisations from malicious insiders is becoming more widely known about and consequently many are now investing in hardware, software and new processes to try to detect these attacks. As for all types of attack vector, there will always be those which are not known about and those which are known about but remain exceptionally difficult to detectparticularly in a timely manner. We believe that insider attacks are of particular concern in a cloud-computing environment, and that cloudservice providers should enhance their ability to detect them by means of indirect detection.We propose a combined attack-tree and kill-chain based method for identifying multiple indirect detection measures. Specifically, the use of attack trees enables us to encapsulate all detection opportunities for insider attacks in cloud-service environments. Overlaying the attack tree on top of a kill chain in turn facilitates indirect detection opportunities higher-up the tree as well as allowing the provider to determine how far an attack has progressed once suspicious activity is detected.We demonstrate the method through consideration of a specific type of insider attack -that of attempting to capture virtual machines in transit within a cloud cluster via use of a network tap, however, the process discussed here applies equally to all cloud paradigms.

show abstract

DES key breaking, encryption and decryption on the XC6216

Kean¹,

Duncan²

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Adrian Duncan

Insider Attacks in Cloud Computing

An overview of insider attacks in cloud computing

Cloud Computing: Insider Attacks on Virtual Machines during Migration

A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing

DES key breaking, encryption and decryption on the XC6216

Contact Info

Product

Resources

About