Preventing Insider Attacks in the Cloud

Cloud computing is becoming popular due to its ability to provide dynamic scalability and elasticity of resources at affordable cost. In spite of these advantages key concerns that prevent large scale adoption of cloud computing today are related to security and privacy of customer's data in the cloud. The main security concerns of clients are loss of direct control of their data and being forced to trust a third party provider with confidential information. Among security threats in the cloud, insider threats pose a serious risk to clients. This paper presents a new access control mechanism that can mitigate security threats in the cloud including those caused by insiders, such as malicious system administrators. The problem is challenging because the cloud provider's system administrators have elevated privileges for performing genuine system maintenance and administration tasks. We describe an access control mechanism that generates immutable security policies for a client, propagates and enforces them at the provider's infrastructure.