• May 03, 2016 News! IJIET Vol. 5, No. 10 has been indexed by EI (Inspec).   [Click]
  • Jun 28, 2017 News!Vol. 7, No. 9 has been indexed by Crossref.
  • Jun 22, 2017 News!Vol. 7, No. 9 issue has been published online!   [Click]
General Information
    • ISSN: 2010-3689
    • Frequency: Bimonthly (2011-2014); Monthly (Since 2015)
    • DOI: 10.18178/IJIET
    • Editor-in-Chief: Prof. Dr. Steve Thatcher
    • Executive Editor: Ms. Nancy Y. Liu
    • Abstracting/ Indexing: EI (INSPEC, IET), Electronic Journals Library, Google Scholar, Crossref and ProQuest
    • E-mail: ijiet@ejournal.net
Editor-in-chief
Prof. Dr. Steve Thatcher
University of South Australia, Australia
It is my honor to be the editor-in-chief of IJIET. The journal publishes good papers which focous on the advanced researches in the field of information and education technology. Hopefully, IJIET will become a recognized journal among the scholars in the filed of information and education technology.
IJIET 2014 Vol.4(6): 483-486 ISSN: 2010-3689
DOI: 10.7763/IJIET.2014.V4.455

A Demonstration of Malicious Insider Attacks inside Cloud IaaS Vendor

Minh-Duong Nguyen, Ngoc-Tu Chau, Seungwook Jung, and Souhwan Jung
Abstract—Until now, many researches have carried out analyzing the vulnerabilities as well as finding the defense strategies for malicious insider (MI) at cloud environment. However, all these previous works only considered the perspective of MI attacks that are originated from tenant side in a public cloud. Furthermore, in these existing works, the MI attack techniques are only basically and abstractly described. Without the proof of concept, MI attacks are just theoretical threats. In this paper, we consider the scenario that MI executes the attack inside the Cloud IaaS vendor. Moreover, in order to show the realistic of MI attacks in the scenario, this paper introduces three concrete MI attacks with a proof of concept implementation based on existing tools. Three introduced MI attacks in this paper are: memory scanning, template poisoning, and snapshot cracking. The demonstration result shows that MI attacks inside cloud IaaS vendor are no longer potential threats but realistic issues that we need to consider.

Index Terms—CloudStack, malicious insider, insider threats, cloud computing, cloud security, security threats.

Minh-Duong Nguyen, Ngoc-Tu Chau, Seungwook Jung, and Souhwan Jung are with Soongsil University, Seoul, Korea (e-mail: nguyenminhduong@ssu.ac.kr, chaungoctu@ssu.ac.kr, seungwookj@ssu.ac.kr, souhwanj@ssu.ac.kr).

[PDF]

Cite: Minh-Duong Nguyen, Ngoc-Tu Chau, Seungwook Jung, and Souhwan Jung, "A Demonstration of Malicious Insider Attacks inside Cloud IaaS Vendor," International Journal of Information and Education Technology vol. 4, no. 6, pp. 483-486, 2014.

Copyright © 2008-2017. International Journal of Information and Education Technology. All rights reserved.
E-mail: ijiet@ejournal.net