Towards achieving accountability, auditability and trust in cloud computing

Communications in Computer and Information Science

Volumn 193 CCIS, Issue PART 4, 2011, Pages 432-444

  Ko, Ryan K L ^a   Lee, Bu Sung ^a   Pearson, Siani ^b  

^a HEWLETT PACKARD LABORATORIES   (United States)

^b HEWLETT PACKARD LABORATORIES   (United Kingdom)

Author keywords

accountability; Accountable cloud computing; audit trails; continuous auditing; logging; trusted computing platform

Indexed keywords

ACCOUNTABILITY; ACCOUNTABLE CLOUD COMPUTING; AUDIT TRAILS; CONTINUOUS AUDITING; TRUSTED COMPUTING PLATFORM;

ABSTRACTING; COMPUTER SYSTEMS; INVESTMENTS; LIFE CYCLE;

CLOUD COMPUTING;

EID: 80051570703     PISSN: 18650929     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-22726-4_45     Document Type: Conference Paper

References (42)

1. Fujitsu Research Institute: Personal data in the cloud: A global survey of consumer attitudes (2010)
2. Gross, G.: Microsoft presses for cloud computing transparency (2010), http://www.infoworld.com/d/cloud-computing/microsoft-presses-cloud-computing- transparency-799
3. Strukhoff, R.: Cloud Computing Vendors Need More Transparency (2010), http://cloudcomputing.sys-con.com/node/1308929
4. Pearson, S., Benameur, A.: Privacy, Security and Trust Issues Arising from Cloud Computing. In: The 2nd International Conference on Cloud Computing. IEEE, Indiana (2010)
5. Pearson, S., Charlesworth, A.: Accountability as a way forward for privacy protection in the cloud. In: Cloud Computing 2009, pp. 131-144 (2009)
6. Armbrust, M., et al.: A view of cloud computing. Communications of the ACM 53(4), 50-58 (2010)
7. Garfinkel, S.: An Evaluation of Amazon's Grid Computing Services: EC2, S3, and SQS (2007)
8. Chappell, D.: Introducing windows azure. Microsoft (2009)
9. Buneman, P., Khanna, S., Tan, W.: Data provenance: Some basic issues. In: Foundations of Software Technology and Theoretical Computer Science, pp. 87-93 (2000)
10. Cloud Security Alliance: Top Threats to to Cloud Computing Report, Ver.1.0 (2010)
11. Baldwin, A., Shiu, S., Beres, Y.: Auditing in shared distributed virtualized environments. HP Technical Reports (2008)
12. HyTrust. HyTrust Appliance (2010), http://www.hytrust.com/product/ overview/
13. Silberschatz, A., Galvin, P., Gagne, G.: Operating system concepts. Addison-Wesley, New York (1991)
14. Hyperic: CloudStatus (2010), http://www.cloudstatus.com/
15. Shende, J.: Live Forensics and the Cloud - Part 1. Cloud Computing Journal (2010), http://cloudcomputing.sys-con.com/node/1547944
16. Buneman, P., Khanna, S., Wang-Chiew, T.: Why and where: A characterization of data provenance. In: International Conference on Database Theory - ICDT 2001, pp. 316-330 (2001)
17. Tan, W.: Provenance in databases: Past, current, and future. Data Engineering 2007, 3 (2007)
18. Pearson, S., Balacheff, B.: Trusted computing platforms: TCPA technology in context. Prentice Hall PTR, Upper Saddle River (2003)
19. Proudler, G.: Concepts of trusted computing. In: Mitchell, C.J. (ed.) Trusted Computing. IEE Professional Applications of Computing Series, vol. 6, pp. 11-27. The Institute of Electrical Engineers (IEE), London (2005)
20. Hansen, S., Atkins, E.: Automated system monitoring and notification with swatch. In: USENIX Association's Proceedings of the Seventh Systems Administration (LISA VII) Conference (1993)
21. Roesch, M.: Snort-lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA 1999, Seattle, Washington (1999)
22. Zimmermann, H.: OSI reference model-The ISO model of architecture for open systems interconnection. IEEE Transactions on Communications 28(4), 425-432 (2002)
23. Stevens, W.: TCP/IP Illustrated: The Protocols, vol. I. Pearson Education, India (2004)
24. Chow, R., et al.: Controlling data in the cloud: outsourcing computation without outsourcing control. In CCSW 2009: Proceedings of the 2009 ACM Workshop on Cloud Computing Security. ACM, New York (2009)
25. Rosenblum, M., Ousterhout, J.: The design and implementation of a log-structured file system. ACM Transactions on Computer Systems (TOCS) 10(1), 26-52 (1992)
26. Slagell, A., Wang, J., Yurcik, W.: Network Log Anonymization: Application of Crypto-PAn to Cisco NetFlows. In: NSF/AFRL Workshop on Secure Knowledge Management (SKM 2004), Buffalo, NY (2004)
27. Slagell, A., Yurcik, W.: Sharing computer network logs for security and privacy: A motivation for new methodologies of anonymization. In: Proceedings of SECOVAL: The Workshop on the Value of Security Through Collaboration (August 2005)
28. Gray, J., Reuter, A.: Transaction processing: concepts and techniques. Morgan Kaufmann, San Francisco (1993)
29. Peters, T.: The history and development of transaction log analysis. Library Hi Tech. 11(2), 41-66 (1993)
30. Ko, R.: A computer scientist's introductory guide to business process management (BPM). ACM Crossroads 15(4), 11-18 (2009)
31. Ko, R., Lee, S., Lee, E.: Business process management (BPM) standards: a survey. Business Process Management Journal 15(5), 744-791 (2009)
32. Anthony, R.: Planning and control systems: a framework for analysis. Division of Research, Graduate School of Business Administration, Harvard University (1965)
33. Cloud Security Alliance: Trusted Cloud Initiative (2010), http://www.cloudsecurityalliance.org/trustedcloud.html
34. Cloud Security Alliance: Cloud Security Alliance Governance, Risk Management and Compliance (GRC) Stack (2010), http://www.cloudsecurityalliance. org/grcstack.html
35. Cloud Security Alliance (2010), http://www.cloudsecurityalliance.org/
36. Cloud Security Alliance: CloudAudit (A6 - The Automated Audit, Assertion, Assessment, and Assurance API) (2010), http://cloudaudit.org/
37. Knode, R.: CloudTrust 2.0 (2010), http://scap.nist.gov/events/2010/itsac/ presentations/day2/Security-Automation-for-Cloud-Computing-CloudTrust-2.0.pdf
38. Mowbray, M., Pearson, S., Shen, Y.: Enhancing privacy in cloud computing via policybased obfuscation. The Journal of Supercomputing, 1-25 (2010)
39. Pearson, S.: Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing. IEEE, Los Alamitos (2009)
40. Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE 2009. ACM, New York (2009)
41. Haeberlen, A.: A case for the accountable cloud. ACM SIGOPS Operating Systems Review 44(2), 52-57 (2010)
42. Haeberlen, A., et al.: Accountable virtual machines. In: Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010 (2010)