Enhancing Cloud Security and Privacy: The Cloud Audit Problem

Many people assume that cloud audit is no more difficult than IT audit in general. We provide an outline of the evolution of cloud, providing an explanation of how it differs from conventional IT. We then discuss some of the benefits and drawbacks of cloud, particularly in connection to audit challenges, highlighting the dangers and shortcomings of many approaches.

Keywords: security; privacy; standards; compliance; audit.
