Abstract
Security is a key challenge in the deployment and broader acceptance of cloud computing services, and existing research efforts include evaluating the effectiveness of various security solutions such as security policy implementations and technological solutions. Attacks on the cloud environment may be considered from a criminological perspective, and crime theories may be used to protect the cloud. This paper introduces a conceptual cloud security model utilizing the concept of situational crime prevention (SCP). Using SCP techniques, it may be possible to design process- and technology-based steps to modify the cloud computing environment to make it less attractive to crime.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Vidal, C., Choo, KK.R. (2018). Situational Crime Prevention and the Mitigation of Cloud Computing Threats. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-78816-6_16
DOI: https://doi.org/10.1007/978-3-319-78816-6_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78815-9
Online ISBN: 978-3-319-78816-6
eBook Packages: Computer Science, Computer Science (R0)