Automatic data protection certificates for cloud-services based on secure logging

Trusted Cloud Computing

Volumn , Issue , 2014, Pages 59-75

  Kunz, Thomas ^a   Selzer, Annika ^a   Waldmann, Ulrich ^a  

^a FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; DATA HANDLING; DISTRIBUTED DATABASE SYSTEMS; LAWS AND LEGISLATION; SECURITY OF DATA; WEB SERVICES;

AUTOMATICALLY GENERATED; ECONOMIC AFFAIRS; LEGAL REGULATION; ON-SITE INSPECTION; PROTECTION CERTIFICATES; SECURITY MECHANISM; SECURITY REQUIREMENTS; TECHNICAL SOLUTIONS;

TRUSTED COMPUTING;

EID: 84948085734     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-3-319-12718-7_5     Document Type: Chapter

References (25)

1. Accorsi, R.: Log Data as Digital Evidence: What Secure Logging Protocols Have to Offer? In: 33rd Annual IEEE International Computer Software and Applications Conference (COMPSAC ’09), pp. 398-403, (2009)
2. Bellare, M., Yee, B. S.: Forward Integrity for Secure Audit Logs. University of California at San Diego (1997)
3. Borges, G. et al.: Datenschutzrechtliche Lösungen für Cloud Computing. Kompetenzzentrum Trusted Cloud, http://www.trusted-cloud.de, (2012)
4. BSI: Studieüber die Nutzung von Log-und Monitoringdaten im Rahmen der IT-Frühwarnung und für einen sicheren IT-Betrieb (2007)
5. Contu, R., Pingree, L., Ahlm, E.: Predicts 2013: Security Solutions. Technical Report, Gartner (2012)
6. Eurocloud Deutschland eco e.V.: Leitfaden Cloud Computing, (2010)
7. European Network and Information Security Agency (ENISA): Critical Cloud Computing-A CIIP perspective on cloud computing services, Version 1.0, (2012)
8. Gerhards, R.: The Syslog Protocol, Request for Comments: 5424, Internet Engineering Task Force IETF (2009)
9. Gola, P., Schomerus, R.: BDSG Kommentar (2012)
10. Gonzales, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., Pourzandi, M.: A quantitative analysis of current security concerns and solutions for cloud computing. In: Journal of Cloud Computing: Advances, Systems and Applications, 1(1) (2012)
11. Hardt, D. (Ed.): The OAuth 2.0 Authorization Framework, Request for Comments: 6749, Internet Engineering Task Force IETF (2012)
12. Holt, J. E.: Logcrypt: forward security and public verification for secure audit logs. In: Proceedings of the 2006 Australasian workshops on Grid computing and e-research, Volume 54, ACSW Frontiers ’06, pp. 203-211, Australian Computer Society (2006)
13. ISO/IEC 27001: Information technology-Security techniques-Information security management systems-Requirements (2013)
14. Lipton, P., Moser, S., Palma, D., Spatzier, T.: Topology and Orchestration Specification for Cloud Applications (TOSCA), Version 1.0, http://www.oasis-open.org/committees/tc\_home.php?wg\_abbrev=tosca OASIS specification (2013)
15. Merkle, R.: Protocols for Public Key Cryptosystems. In: Proceedings of the 1980 IEEE Symposium on Security and Privacy, Oakland, USA (1980)
16. National Institute of Standards and Technology (NIST): Guide for Applying the Risk Management Framework to Federal Information Systems-A Security Life Cycle Approach, NIST Special Publication 800-37, (2010)
17. Niehues, P., Kunz, T., Posiadlo, L.: Das CloudCycle-Ö kosystem, Technical report, http://www.cloudcycle.org, CloudCycle (2013)
18. Schneider, S., Lansing, J., Sunyaev, A.: Empfehlungen zur Gestaltung von Cloud-Service-Zertifizierungen, In: Industrie Management-Zeitschrift für industrielle Geschäftsprozesse, pp. 13-17 (2013)
19. Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics, In: ACM Transactions on Information and System Security (TISSEC) 1999, Volume 2, pp. 159-176, ACM New York, USA (1999)
20. Selzer, A.: Die Kontrollpflicht nach § 11 Abs. 2 Satz 4 BDSG im Zeitalter des Cloud Computing, In: DuD 04/2013
21. Stathopoulos, V., Kotzanikolaou, P., Magkos, E.: A Framework for Secure and Verifiable Logging in Public Communication Networks, In: Critical Information Infrastructures Security, Lecture Notes in Computer Science, Springer Berlin Heidelberg, pp. 273-284 (2006)
22. Waizenegger, T., Wieland, M., Binz, T., Breitenbücher, U.: Towards a Policy-Framework for Provisioning and Management of Cloud Services, In: SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies (2013)
23. Waizenegger, T., Wieland, M., Binz, T., Breitenbücher, U., Haupt, F., Kopp, O., Leymann, F., Mitschang, B., Nowak, A., Wagner, S.: Policy4TOSCA: A Policy-Aware Cloud Service Provisioning Approach to Enable Secure Cloud Computing, In: DOA-Trusted Cloud’13 International Conference on Secure Virtual Infrastructures (2013)
24. Waters, B. R., Balfanz, D., Durfee, G., Smetters, D. K.: Building an Encrypted and Searchable Audit Log, Princeton University and Palo Alto Research Center (2004)
25. Weichert, T.: Cloud Computing und Datenschutz, In: DuD 10/2010