emergence has considerably transformed everyone’s view towards the
infrastructural design, service delivery and development frameworks 1 2.
Protruding as an evolutionary pace, following the growth from mainframe type of
computers to advanced client-server deployment models, Cloud Computing
comprehends elements from grid and utility computing into modern and innovative
deployment architecture 2 3 4. But, still Cloud Computing adoptions are
threatened by unanswered issues of security that impinge on both, the providers
and users of Cloud. As security visibilities are now concealed behind the
levels of abstraction, there arises a need for development process that would
help to analyse all threats and provide their countermeasures 9 10 11
every cloud threat exploits the kernel of security weaknesses. The cloud
business faces continuous threat challenges even after the regular updates
which are provided by the Internet Security 6 7. After well implementation
of security controls, effectual blocking is targeted for threats. A fast
supporting detection system is applicable as initial defences, giving the
maximum precedence to instant risk cutback against the targeted. For example,
phishing attacker needs the user credentials and elevation of privilege needs
administrative privileges to install malware 6 7. Still the cloud
infrastructure gets affected due to undeveloped privilege management.
emerging cloud vulnerabilities intend to hinder the cloud database management, cloud
based web service and essential models of cloud, which pose massive threat to
cloud system 9 10 11. The recent threat reports reflect the statistics on
the most significant threats to cloud security. The major security reports determine
those threats that occur due to ineffective controls in the security domain 7.
Report analysis suggests the important obstacles causing cloud business
disruption are internal self-vulnerabilities, both in privilege management and
application control 8.In these
security challenges the prominent focus was on elevation of privilege attack,
which was found in the following security concerns:
Insufficient Identity, Insecure Interfaces and APIs, Credential and Access
Management, System Vulnerabilities, Account Hijacking, Insufficient Due
Diligence, Shared Technology Vulnerabilities 45.
objective of this research is to provide a broad review of the existing
literature covering various dimensions of the elevation of privilege threat
related to Cloud. The paper includes various conclusive findings in elevation
of privilege threat, based on the related published work and industry trends.
These may help in the development of a process that would help to analyse the
threat and provide countermeasures for same.
this “Introduction-Elevation of Privilege” on the background details,
the rest of this paper is organized as follows. The section II defines “Root
Cause Study”. Section III highlights “The survey of related work”
and Section IV determines “Conclusive Finding”. Finally, “Conclusion
and the Future Work” are reported in section V.