An insider threat aware access control for cloud relational databases

Qussai Yaseen; Yaser Jararweh; Brajendra Panda; Qutaibah Althebyan

doi:10.1007/s10586-017-0810-y

An insider threat aware access control for cloud relational databases

Qussai Yaseen
, Yaser Jararweh
, Brajendra Panda
, Qutaibah Althebyan

Jordan University of Science and Technology
University of Arkansas System

Research output: Contribution to journal › Article › peer-review

19 Scopus citations

Abstract

The request-response paradigm that consists of policy decision points (PDPs) and policy enforcement points (PEPs) is used for access control in Cloud computing. The model uses PEP-side caching to increase the availability and reduce the processing overhead on PDP. This paper shows that using PEP-side caching can be exploited by insiders to bypass cloud access control mechanisms, which increases insider threat in cloud computing. To overcome this problem, the paper proposes a manageable model that detects and prevents insider threat at PEP side with minimum overhead on the performance of PEP and PDP. The model has been extensively tested and the results show its effectiveness in mitigating insider threat. Moreover, the experiments demonstrate that the overhead posed by the model on PEP and PDP is low. Lemmas, theorems and algorithm have been provided to show the correctness and the applicability of the proposed approach.

Original language	English
Pages (from-to)	2669-2685
Number of pages	17
Journal	Cluster Computing
Volume	20
Issue number	3
DOIs	https://doi.org/10.1007/s10586-017-0810-y
State	Published - 1 Sep 2017
Externally published	Yes

Keywords

Access control
Cloud computing
Insider threat
PEP-side caching
Relational databases

Access to Document

10.1007/s10586-017-0810-y

Cite this

@article{5542c932fcac47c997d5498d579a6e63,

title = "An insider threat aware access control for cloud relational databases",

abstract = "The request-response paradigm that consists of policy decision points (PDPs) and policy enforcement points (PEPs) is used for access control in Cloud computing. The model uses PEP-side caching to increase the availability and reduce the processing overhead on PDP. This paper shows that using PEP-side caching can be exploited by insiders to bypass cloud access control mechanisms, which increases insider threat in cloud computing. To overcome this problem, the paper proposes a manageable model that detects and prevents insider threat at PEP side with minimum overhead on the performance of PEP and PDP. The model has been extensively tested and the results show its effectiveness in mitigating insider threat. Moreover, the experiments demonstrate that the overhead posed by the model on PEP and PDP is low. Lemmas, theorems and algorithm have been provided to show the correctness and the applicability of the proposed approach.",

keywords = "Access control, Cloud computing, Insider threat, PEP-side caching, Relational databases",

author = "Qussai Yaseen and Yaser Jararweh and Brajendra Panda and Qutaibah Althebyan",

note = "Publisher Copyright: {\textcopyright} 2017, Springer Science+Business Media New York.",

year = "2017",

month = sep,

day = "1",

doi = "10.1007/s10586-017-0810-y",

language = "English",

volume = "20",

pages = "2669--2685",

journal = "Cluster Computing",

issn = "1386-7857",

publisher = "Springer",

number = "3",

}

TY - JOUR

T1 - An insider threat aware access control for cloud relational databases

AU - Yaseen, Qussai

AU - Jararweh, Yaser

AU - Panda, Brajendra

AU - Althebyan, Qutaibah

PY - 2017/9/1

Y1 - 2017/9/1

N2 - The request-response paradigm that consists of policy decision points (PDPs) and policy enforcement points (PEPs) is used for access control in Cloud computing. The model uses PEP-side caching to increase the availability and reduce the processing overhead on PDP. This paper shows that using PEP-side caching can be exploited by insiders to bypass cloud access control mechanisms, which increases insider threat in cloud computing. To overcome this problem, the paper proposes a manageable model that detects and prevents insider threat at PEP side with minimum overhead on the performance of PEP and PDP. The model has been extensively tested and the results show its effectiveness in mitigating insider threat. Moreover, the experiments demonstrate that the overhead posed by the model on PEP and PDP is low. Lemmas, theorems and algorithm have been provided to show the correctness and the applicability of the proposed approach.

AB - The request-response paradigm that consists of policy decision points (PDPs) and policy enforcement points (PEPs) is used for access control in Cloud computing. The model uses PEP-side caching to increase the availability and reduce the processing overhead on PDP. This paper shows that using PEP-side caching can be exploited by insiders to bypass cloud access control mechanisms, which increases insider threat in cloud computing. To overcome this problem, the paper proposes a manageable model that detects and prevents insider threat at PEP side with minimum overhead on the performance of PEP and PDP. The model has been extensively tested and the results show its effectiveness in mitigating insider threat. Moreover, the experiments demonstrate that the overhead posed by the model on PEP and PDP is low. Lemmas, theorems and algorithm have been provided to show the correctness and the applicability of the proposed approach.

KW - Access control

KW - Cloud computing

KW - Insider threat

KW - PEP-side caching

KW - Relational databases

UR - https://www.scopus.com/pages/publications/85015629115

U2 - 10.1007/s10586-017-0810-y

DO - 10.1007/s10586-017-0810-y

M3 - Article

AN - SCOPUS:85015629115

SN - 1386-7857

VL - 20

SP - 2669

EP - 2685

JO - Cluster Computing

JF - Cluster Computing

IS - 3

ER -

An insider threat aware access control for cloud relational databases

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this