Top

Published in:

2017 | OriginalPaper | Chapter

MITIS - An Insider Threats Mitigation Framework for Information Systems

Authors : Ahmad Ali, Mansoor Ahmed, Muhammad Ilyas, Josef Küng

Published in: Future Data and Security Engineering

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cloud computing is now among the most extensively used mean for resource sharing as SaaS, PaaS, and IaaS. Computing Scenarios have been emerged into cloud computing instead of distributed computing. It has provided an efficient and flexible way for dynamic services meeting needs and challenges of the time in cost effective manners. Virtual environments provided the opportunity to migrate traditional systems to the cloud. Cloud service providers and Administrators generally have full access on Virtual Machines (VMs) whereas tenants have limited access on respective VMs. Cloud Admins as well as remote administrators also have full access rights on respective resources and may pose severe insiders threats on which tenants haven shown their concerns. Securing these resources are the key issues. In this paper, available practices for cloud security are investigated and a self-managed framework is introduced to mitigate malicious insider threats posed to these virtual environments.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Focusing on Precision- and Trust-Propagation in Knowledge Processing Systems

next chapter Integrating Knowledge-Based Reasoning Algorithms and Collaborative Filtering into E-Learning Material Recommendation System

Data breach statistics by year, industry, more - breach level index. http://breachlevelindex.com/. Accessed 21 May 2017

Baracaldo, N., Palanisamy, B., Joshi, J.: G-sir: an insider attack resilient geo-social access control framework. IEEE Trans. Dependable Sec. Comput. (2017)

Beloglazov, A., Buyya, R., Lee, Y.C., Zomaya, A., et al.: A taxonomy and survey of energy-efficient data centers and cloud computing systems. Adv. Comput. 82(2), 47–111 (2011)CrossRef

Bisong, A., Rahman, M., et al.: An overview of the security concerns in enterprise cloud computing. arXiv preprint (2011). arXiv:1101.5613

Bunn, M., Sagan, S.D.: A worst practices guide to insider threats: lessons from past mistakes. Lang. Magaz. 3, 1 (2017)

Chi, H., Rubio, D.A.: Design insider threat hands-on labs. In: InfoSecCD, pp. 1–17 (2015)

Crawford, M., Peterson, G.: Insider threat detection using virtual machine introspection. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 1821–1830. IEEE (2013)

Elmrabit, N., Yang, S.H., Yang, L.: Insider threats in information security categories and approaches. In: 2015 21st International Conference on Automation and Computing (ICAC), pp. 1–6. IEEE (2015)

Flynn, L., Huth, C., Trzeciak, R., Buttles, P.: Best practices against insider threats in all nations (2013)

10.

Greitzer, F.L., Moore, A.P., Cappelli, D.M., Andrews, D.H., Carroll, L.A., Hull, T.D.: Combating the insider cyber threat. IEEE Secur. Priv. 6(1), 61–64 (2008)CrossRef

11.

Jouini, M., Rabai, L.B.A., Aissa, A.B.: Classification of security threats in information systems. Procedia Comput. Sci. 32, 489–496 (2014)CrossRef

12.

Kandias, M., Stavrou, V., Bozovic, N., Mitrou, L., Gritzalis, D.: Can we trust this user? Predicting insider’s attitude via youtube usage profiling. In: 2013 IEEE 10th International Conference on and 10th International Conference on Autonomic and Trusted Computing, Ubiquitous Intelligence and Computing (UIC/ATC), pp. 347–354. IEEE (2013)

13.

Kandias, M., Virvilis, N., Gritzalis, D.: The insider threat in cloud computing. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 93–103. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41476-3_8 CrossRef

14.

Khadse, D., Amle, A., Charde, S., Deulkar, S., Patil, P.: Securing cloud using fog: a review (2017)

15.

Khan, M.A.: A survey of security issues for cloud computing. J. Netw. Comput. Appl. 71, 11–29 (2016)CrossRef

16.

Kul, G., Upadhyaya, S.: Towards a cyber ontology for insider threats in the financial sector. J. Wirel. Mobile Netw. Ubiquit. Comput. Dependable Appl. 6(4), 64–85 (2015)

17.

Li, Y., Gai, K., Qiu, L., Qiu, M., Zhao, H.: Intelligent cryptography approach for secure distributed big data storage in cloud computing. Inf. Sci. 387, 103–115 (2017)CrossRef

18.

Melis, A., Prandini, M., Giallorenzo, S., Callegati, F.: Insider threats in emerging mobility-as-a-service scenarios. In: Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

19.

Mishra, P., Pilli, E.S., Varadharajan, V., Tupakula, U.: Intrusion detection techniques in cloud environment: a survey. J. Netw. Comput. Appl. 77, 18–47 (2017)CrossRef

20.

Richardson, R., Director, C.: CSI computer crime and security survey. Comput. Secur. Inst. 1, 1–30 (2008)

21.

Schlicher, B.G., MacIntyre, L.P., Abercrombie, R.K.: Towards reducing the data exfiltration surface for the insider threat. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 2749–2758. IEEE (2016)

22.

Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L.: Common sense guide to mitigating insider threats, 4th edn. Technical report, DTIC Document (2012)

23.

Sokolowski, J.A., Banks, C.M.: Agent implementation for modeling insider threat. In: Proceedings of the 2015 Winter Simulation Conference, pp. 266–275. IEEE Press (2015)

24.

Szefer, J., Jamkhedkar, P., Perez-Botero, D., Lee, R.B.: Cyber defenses for physical attacks and insider threats in cloud computing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 519–524. ACM (2014)

25.

Insider Threat Integrated Process Team. DoD insider threat mitigation (2000)

26.

Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to information systems and the effectiveness of ISO17799. Comput. Secur. 24(6), 472–484 (2005)CrossRef

27.

Westphal, F., Axelsson, S., Neuhaus, C., Polze, A.: VMI-PL: a monitoring language for virtual platforms using virtual machine introspection. Digit. Invest. 11, S85–S94 (2014)CrossRef

28.

Yaseen, Q., Jararweh, Y., Panda, B., Althebyan, Q.: An insider threat aware access control for cloud relational databases. Cluster Comput. 20, 1–17 (2017)CrossRef

29.

Yu, T., Fayaz, S.K., Collins, M., Sekar, V., Seshan, S.: PSI: precise security instrumentation for enterprise networks (2017)

30.

Yusop, Z.M., Abawajy, J.: Analysis of insiders attack mitigation strategies. Procedia Soc. Behav. Sci. 129, 581–591 (2014)CrossRef

Title: MITIS - An Insider Threats Mitigation Framework for Information Systems
Authors: Ahmad Ali
Mansoor Ahmed
Muhammad Ilyas
Josef Küng
Publisher: Springer International Publishing
Book: Future Data and Security Engineering
Print ISBN: 978-3-319-70003-8

Electronic ISBN: 978-3-319-70004-5

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-70004-5_29

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner