Current cloud infrastructures have opaque service offerings where customers cannot monitor the underlying physical infrastructure. This situation raises concerns for meeting compliance obligations by critical business applications with data location constraints that are deployed in a Cloud. When federated cloud infrastructures span across different countries where data can migrate from one country to another, it should be possible for data owners to monitor the location of their data. This paper shows how an existing federated Cloud monitoring infrastructure can be used for data location monitoring without compromising Cloud isolation. In the proposed approach collaboration is required between the cloud infrastructure provider (IP) and the user of the cloud, the service provider (SP): the IP monitors the virtual machines (VM) on the SP's behalf and makes the infrastructure level monitoring information available to him. With the monitoring information the SP can create the audit logs required for compliance auditing. The proposed logging architecture is validated by an e-Government case study with legal data location constraints.
[1]
Tim Mather,et al.
Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance
,
2009,
Theory in practice.
[2]
Nils Gruschka,et al.
Vulnerable Cloud: SOAP Message Security Validation Revisited
,
2009,
2009 IEEE International Conference on Web Services.
[3]
Álvaro Enrique Arenas,et al.
Fine-Grained Continuous Usage Control of Service Based Grids - The GridTrust Approach
,
2008,
ServiceWave.
[4]
Benny Rochwerger,et al.
Monitoring Service Clouds in the Future Internet
,
2010,
Future Internet Assembly.
[5]
Elisa Bertino,et al.
XACML Policy Integration Algorithms
,
2008,
TSEC.