, Amazon Web Services, 2018.

G. Cloud-platform, , 2018.

M. Azure, , 2018.

N. Alhebaishi, L. Wang, S. Jajodia, and A. Singhal, Threat modeling for cloud data center infrastructures, Foundations and Practice of Security-9th International Symposium, FPS 2016, pp.302-319, 2016.

Q. Althebyan and B. Panda, A knowledge-base model for insider threat prediction, IEEE SMC Information Assurance and Security Workshop, pp.239-246, 2007.

K. Bakshi, Cisco cloud computing-data center strategy, architecture, and solutions, 2009.

M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, We have met the enemy and he is us, Proceedings of the 2008 New Security Paradigms Workshop, NSPW '08, pp.1-12, 2008.

S. Bleikertz, A. Kurmus, Z. A. Nagy, and M. Schunter, Secure cloud maintenance: Protecting workloads against insider attacks, Proceedings of the 7th ACM Symposium on Information, vol.12, pp.83-84, 2012.

D. Borbor, L. Wang, S. Jajodia, and A. Singhal, Diversifying network services under cost constraints for better resilience against unknown attacks, Data and Applications Security and Privacy XXX-30th Annual IFIP WG 11.3 Conference, pp.295-312, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01633677

R. Chinchani, A. Iyer, H. Q. Ngo, and S. Upadhyaya, Towards a theory of insider threat assessment, 2005 International Conference on Dependable Systems and Networks (DSN'05), pp.108-117, 2005.

W. R. Claycomb and A. Nicoll, Insider threats to cloud computing: Directions for new research challenges, 2012 IEEE 36th Annual Computer Software and Applications Conference, pp.387-394, 2012.

, Security guidance for critical areas of focus in cloud computing v 3.0, 2011.

, Top threats to cloud computing, 2018.

K. Dahbur, B. Mohammad, and A. B. Tarakji, A survey of risks, threats and vulnerabilities in cloud computing, Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ISWSA '11, vol.12, pp.1-12, 2011.

N. Gruschka and M. Jensen, Attack surfaces: A taxonomy for attacks on cloud services, 2010 IEEE 3rd international conference on cloud computing, pp.276-279, 2010.

M. Gupta, J. Rees, A. Chaturvedi, and J. Chi, Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach. Decision Support Systems, vol.41, pp.592-603, 2006.

M. Hany, VMware VSphere In The Enterprise

I. Iso-std and . Iso, Information technology-Security techniques-Code of practice for information security controls based on ISO/IEC 27002 for cloud services, 2012.

M. Li, W. Zang, K. Bai, M. Yu, and P. Liu, Mycloud: Supporting user-configured privacy protection in cloud computing, Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC '13, pp.59-68, 2013.

J. Luna, H. Ghani, D. Germanus, and N. Suri, A security metrics framework for the cloud, Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, pp.245-250, 2011.

J. Luna, H. Ghani, D. Germanus, and N. Suri, A security metrics framework for the cloud, Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, pp.245-250, 2011.

S. Mathew, S. Upadhyaya, D. Ha, and H. Q. Ngo, Insider abuse comprehension through capability acquisition graphs, 11th International Conference on Information Fusion, pp.1-8, 2008.

. O. Openstack and . Operations-guide,

I. Ray and N. Poolsapassit, Proceedings, chapter Using Attack Trees to Identify Malicious Attacks from Authorized Insiders, pp.231-246, 2005.

A. Roy, S. Sural, A. K. Majumdar, J. Vaidya, and V. Atluri, On optimal employee assignment in constrained role-based access control systems, ACM Trans. Manage. Inf. Syst, vol.7, issue.4, 2016.

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-based access control models, Computer, vol.29, issue.2, pp.38-47, 1996.

P. Saripalli and B. Walters, Quirc: A quantitative impact and risk assessment framework for cloud security, 2010 IEEE 3rd International Conference on Cloud Computing, pp.280-288, 2010.

A. Sarkar, S. Khler, S. Riddle, B. Ludaescher, and M. Bishop, Insider attack identification and prevention using a declarative approach, IEEE Security and Privacy Workshops, pp.265-276, 2014.

F. B. Shaikh and S. Haider, Security threats in cloud computing, Internet Technology and Secured Transactions (ICITST), 2011 International Conference for, pp.214-219, 2011.

O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, Automated generation and analysis of attack graphs, Proceedings. 2002 IEEE Symposium on, pp.273-284, 2002.

W. K. Sze, A. Srivastava, and R. Sekar, Hardening openstack cloud platforms against compute node compromises, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS '16, pp.341-352, 2016.

L. Wang, S. Jajodia, A. Singhal, P. Cheng, and S. Noel, k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities, IEEE Transactions on Dependable and Secure Computing, vol.11, issue.1, pp.30-44, 2014.