William R. Claycomb scite author profile

William R. Claycomb

Sign up to set email alerts

|

37Publications

147Citation Statements Received

167Citation Statements Given

How they've been cited

How they cite others

Affiliations

Carnegie Mellon University, New Mexico Institute of Mining and Technology, Sandia National Laboratories

Publications

Order By: Most citations

Insider Threats to Cloud Computing: Directions for New Research Challenges

¹

,

²

2012

View full text Add to dashboard Cite

Cloud computing related insider threats are often listed as a serious concern by security researchers, but to date this threat has not been thoroughly explored. We believe the fundamental nature of current insider threats will remain relatively unchanged in a cloud environment, but the paradigm does reveal new exploit possibilities. The common notion of a cloud insider as a rogue administrator of a service provider is discussed, but we also present two additional cloudrelated insider risks: the insider who exploits a cloud-related vulnerability to steal information from a cloud system, and the insider who uses cloud systems to carry out an attack on an employer's local resources. We also characterize a hierarchy of administrators within cloud service providers, give examples of attacks from real insider threat cases, and show how the nature of cloud systems architectures enables attacks to succeed. Finally, we discuss our position on future cloud research.

A novel node level security policy framework for wireless sensor networks

¹

,

²

2011

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Guest editorial: A brief overview of data leakage and insider threats

¹

,

²

,

³

et al. 2013

Inf Syst Front

View full text Add to dashboard Cite

Identifying indicators of insider threats: Insider IT sabotage

¹

,

²

,

³

et al. 2013

View full text Add to dashboard Cite

Authenticated Dictionary-Based Attribute Sharing in Federated Identity Management

¹

,

²

,

³

2009

View full text Add to dashboard Cite

Toward role-based provisioning and access control for infrastructure as a service (IaaS)

¹

,

²

,

³

et al. 2011

J Internet Serv Appl

View full text Add to dashboard Cite

Cloud computing has drawn much attention in recent years. One of its service models, called infrastructure as a service (IaaS), provides users with infrastructure services such as computation and data storage, heavily dependent upon virtualization techniques. Most of the current IaaS providers take the user-resource direct mapping approach for their business, where individual users are the only type of service consumer who can request and use virtualized resources as long as they pay for the usage. Therefore, in this approach, the users and virtual resources are centrally managed at the IaaS providers. However, this also results in the lack of support for scalable authorization management of users and resources, organization-level policy support, and flexible pricing for business users. Considering the increasing popularity and growing user base of cloud computing, there is a strong need for a more flexible IaaS model with a finer grained access control mechanism than the aforementioned all-or-nothing approach. In this paper we pro- pose a domain-based, decentralized framework for provisioning and managing users and virtualized resources in IaaS. Specifically, an additional layer called domain is introduced to the user-resource direct mapping scheme, whereby de-centralization of user and resource management is facilitated. Our framework also allows the IaaS service provider to delegate its administrative routines to domains so that each domain is able to manage its users and virtualized resources allocated by the IaaS provider. Our domain-based approach offers benefits such as scalable user/resource management, domain-based security and governance policy support, and flexible pricing.

Detecting insider activity using enhanced directory virtualization

¹

,

²

2010

View full text Add to dashboard Cite

Key Establishment Using Group Information for Wireless Sensor Networks

¹

,

²

,

³

et al. 2010

View full text Add to dashboard Cite

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.