Cloud Security Assurance: ‘Elevation of Privilege’ Perspective
Cloud processes require higher privilege accesses for operating information systems and their services. However, studies reveal that these processes get affected by cloud threats due to destabilized privilege management. The outcome of not taking ‘elevation of privilege’ threats into consideration as a vital part of the Cloud security are still being felt at present, in the outward appearance of high visibility and elevated cost security incidents. Keeping in view the same, a prescriptive checklist on, elevation of privilege based on threats and their corresponding countermeasures as checkpoints have been proposed and validated. These mitigating checkpoints have been extracted from the comprehensive study and ‘Root Cause Analysis’ (RCA). In the implementation process, the weight of each checkpoint has been determined with rule based fuzzy logic in order to provide quantified value of ‘Threat Checkpoint Determinant’ and ‘Threat Checkpoint Assurance Determinant’. The checklist has been validated on eight live projects and their results were compared. Results reveal that the checklist may be used by the practitioner in order to avoid ‘elevation of privilege’ threat up to significant extent.