Access Control
Most cloud systems include basic access control. Almost
every system has privileged users, such as system
administrators who have unrestricted access to
user data. When data or processes are outsourced
via the cloud, possibly sensitive data or processes are
handed over for safekeeping. In a local setting, users
know whom they trust with their data, but in a cloud
setting users rarely know where the cloud server is
located, who manages it on the server side, or who
has access to it in general.

Insider threats are particularly concerning, because
such attacks can lead to enormous damage.
Malicious employees can cause major harm, but
even negligence can inflict damage by allowing outside
attackers to obtain insider privileges. Cloud
services are attractive targets for criminals, because
a successful attack can yield a large amount of information.
Attacks range from inappropriately
accessing information to divulging or altering personal
data. A privacy leak can be damaging by itself,
but publishing or forging personal information can
cause even more serious harm.

In some cases, data or processes are provided for
a particular purpose, or stored with a particular aim
in mind. A common concern is usage creep, in which
data stored in the cloud is accessed and used by the
cloud service provider for a purpose other than the
one the client intended. Cryptographic access control
models address some of these issues.