A Taxonomy of Cloud Attack Consequences and Mitigation Strategies: The Role of Access Control and Privileged Access Management
- 1 August 2015
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 1, 1073-1080
- https://doi.org/10.1109/trustcom.2015.485
Abstract
Cloud services are now used by many organizations for the computation and storage of both public and sensitive data. Organizations expect that the data stored on clouds will be reasonably protected in terms of confidentiality, integrity and availability (CIA). In this paper, we review the cloud security literature to determine key contemporary attack consequences and mitigation strategies in the cloud environment. We categorize the consequences and mitigation strategies using the people, process and technology (PPT) and CIA classifications. We then construct a taxonomy of consequences and mitigation strategies, and use the themes discovered to present a conceptual privileged access management architecture.