Delegated Audit of Cloud Provider Chains Using Provider Provisioned Mobile Evidence Collection

Businesses, especially SMEs, increasingly integrate cloud services into their IT infrastructure. Businesses require assurance that security controls are implemented correctly and effectively, to attenuate the loss of control that is inherently associated with using cloud services. Giving this kind of assurance is traditionally the task of audits and certification performed by auditors. Cloud auditing becomes increasingly challenging for the auditor, considering that cloud services today are often distributed across many cloud providers. There are Software as a Service (SaaS) providers that no longer own dedicated hardware for operating their services, but rely solely on other cloud providers at the lower layers, such as Infrastructure as a Service (IaaS) providers. Cloud audit of provider chains, that is, cloud auditing of cloud services provisioned across different providers, is challenging and complex for the auditor.
