DEVELOPMENT OF A MULTI-TENANT ACCESS GOVERNANCE FRAMEWORK FOR MITIGATING INSIDER THREATS IN THE PUBLIC CLOUD

Authors

  • Azis Catur Laksono Universitas Amikom Yogyakarta
  • Bety Wulan Sari Universitas Amikom Yogyakarta

DOI:

https://doi.org/10.51401/jinteks.v7i3.6574

Keywords:

Insider Threat, Multi-Tenant, Access Control, Anomaly Detection

Abstract

Insider threats are a serious challenge in multi-tenant public clouds, so an adaptive, governance-based security approach is needed. This study develops an integrated access governance framework to detect and mitigate insider threats by taking into account role dynamics, the context of user behavior, and inter-tenant relationships. The framework was implemented in an OpenStack (Yoga release) simulation environment with 3 active tenants and 50 simulation scenarios, including 10 access-misuse scenarios. Structured testing with five replications was carried out to compare the framework's performance against RBAC and ABAC using the metrics precision, recall, F1-score, response time, and performance overhead. The results show that the framework achieved an average precision of 0.885, recall of 0.878, and F1-score of 0.92, higher than RBAC (0.78) and ABAC (0.84). The average response time was 2.3 seconds and the performance overhead was 6.5%, still within the operational tolerance threshold acceptable on large-scale cloud platforms. These findings demonstrate that an integrated approach based on trust and contextual evaluation can improve detection accuracy, reduce misclassification, and maintain operational efficiency. The proposed framework has the potential to be developed further for production scale and integrated with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) technologies to strengthen cloud security as a whole.

Published

2025-08-31

How to Cite

[1]
A. C. Laksono and B. W. Sari, “PENGEMBANGAN FRAMEWORK TATA KELOLA AKSES MULTI-TENANT UNTUK MITIGASI ANCAMAN INSIDER DI CLOUD PUBLIK”, JINTEKS, vol. 7, no. 3, pp. 1520–1527, Aug. 2025.

Section

Articles