Cloud Security Assurance: ‘Elevation of Privilege’ Perspective

  • Vaishali Singh, S. K. Pandey, Om Pal

Abstract

Cloud processes require higher privilege accesses for operating information systems and their services. However, studies reveal that these processes get affected by cloud threats due to destabilized privilege management. The outcome of not taking ‘elevation of privilege’ threats into consideration as a vital part of the Cloud security are still being felt at present, in the outward appearance of high visibility and elevated cost security incidents. Keeping in view the same, a prescriptive checklist on, elevation of privilege based on threats and their corresponding countermeasures as checkpoints have been proposed and validated. These mitigating checkpoints have been extracted from the comprehensive study and ‘Root Cause Analysis’ (RCA). In the implementation process, the weight of each checkpoint has been determined with rule based fuzzy logic in order to provide quantified value of ‘Threat Checkpoint Determinant’ and ‘Threat Checkpoint Assurance Determinant’. The checklist has been validated on eight live projects and their results were compared. Results reveal that the checklist may be used by the practitioner in order to avoid ‘elevation of privilege’ threat up to significant extent.

Published
2020-01-24
How to Cite
Om Pal, V. S. S. K. P. (2020). Cloud Security Assurance: ‘Elevation of Privilege’ Perspective. International Journal of Advanced Science and Technology, 29(1), 1523 - 1531. Retrieved from http://sersc.org/journals/index.php/IJAST/article/view/3715
Section
Articles