Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cloud Computing and Services Science

CLOSER 2015: Cloud Computing and Services Science pp 95–114Cite as

Security and Privacy Preservation of Evidence in Cloud Accountability Audits

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 581))

Abstract

Cloud accountability audits are promising to strengthen trust in cloud computing by providing reassurance about the processing data in the cloud according to data handling and privacy policies. To effectively automate cloud accountability audits, various distributed evidence sources need to be considered during evaluation. The types of information range from authentication and data access logging to location information, information on security controls and incident detection. Securing that information quickly becomes a challenge in the system design, when the evidence that is needed for the audit is deemed sensitive or confidential information. This means that securing the evidence at-rest as well as in-transit is of utmost importance. In this paper, we present a system that is based on distributed software agents which enables secure evidence collection with the purpose of automated evaluation during cloud accountability audits. We thereby present the integration of Insynd as a suitable cryptographic mechanism for securing evidence. We present our reasoning for choosing Insynd by showing a comparison of Insynd properties with requirements imposed by accountability evidence collection as well as an analysis how security threats are being mitigated by Insynd. We put special emphasis on security and privacy protection in our system analysis.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. A4Cloud FP7 Project (2015). http://www.a4cloud.eu/

  2. An, J.H.: Authenticated encryption in the public-key setting: security notions and analyses. IACR Cryptology ePrint Archive 2001, 79 (2001). http://eprint.iacr.org/2001/079

  3. Ardagna, C.A., Bussard, L., Vimercati, S.D.C.D., Neven, G., Paraboschi, S., Pedrini, E., Preiss, S., Raggett, D., Samarati, P., Trabelsi, S., Verdicchio, M.: Primelife policy language (2009). http://www.w3.org/2009/policy-ws/papers/Trabelisi.pdf

  4. Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., De Oliveira, A.S., Sendor, J.: A-PPL: an accountability policy language. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 319–326. Springer, Heidelberg (2015). http://www.eurecom.fr/publication/4381

    Google Scholar 

  5. Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012). http://dx.doi.org/10.1007/978-3-642-33481-8_9

    Chapter  Google Scholar 

  7. Bowers, K.D., Hart, C., Juels, A., Triandopoulos, N.: PillarBox: combating next-generation malware with fast forward-secure logging. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 46–67. Springer, Heidelberg (2014). http://dx.doi.org/10.1007/978-3-319-11379-1_3

    Google Scholar 

  8. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: Blaze, M. (ed.) Proceedings of the 13th USENIX Security Symposium, 9–13 August 2004, San Diego, CA, USA, pp. 303–320. USENIX (2004), http://www.usenix.org/publications/library/proceedings/sec04/tech/dingledine.html

  9. Doelitzscher, F., Reich, C., Knahl, M., Passfall, A., Clarke, N.: An agent based business aware incident detection system for cloud environments. J. Cloud Comput. Adv. Syst. Appl. 1(1), 9 (2012)

    Article  Google Scholar 

  10. Doelitzscher, F., Ruebsamen, T., Karbe, T., Reich, C., Clarke, N.: Sun behind clouds - on automatic cloud security audits and a cloud audit policy language. Int. J. Adv. Netw. Serv. 6(1,2), 1–16 (2013)

    Google Scholar 

  11. Gupta, A.: Privacy preserving efficient digital forensic investigation framework. In: 2013 Sixth International Conference on Contemporary Computing (IC3), pp. 387–392, August 2013

    Google Scholar 

  12. Haeberlen, A.: A case for the accountable cloud. In: Proceedings of the 3rd ACM SIGOPS International Workshop on Large-Scale Distributed Systems and Middleware (LADIS 2009), October 2009

    Google Scholar 

  13. JADE: Java Agent Developement framework (2015). http://jade.tilab.com

  14. Jansen, W., Grance, T.: Sp 800–144. guidelines on security and privacy in public cloud computing. Technical report, National Institute of Standards and Technology, Gaithersburg, MD, United States (2011)

    Google Scholar 

  15. Jerman Blaič, A., Klobučar, T., Jerman, B.D.: Long-term trusted preservation service using service interaction protocol and evidence records. Comput. Stand. Interfaces 29(3), 398–412 (2007). http://dx.doi.org/10.1016/j.csi.2006.06.004

    Article  Google Scholar 

  16. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: Nist cloud computing reference architecture (2011). http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505

  17. Lopez, J., Ruebsamen, T., Westhoff, D.: Privacy-friendly cloud audits with somewhat homomorphic and searchable encryption. In: 2014 14th International Conference on Innovations for Community Services (I4CS), pp. 95–103, June 2014

    Google Scholar 

  18. Microsoft Developer Network: The Stride Threat Model (2015). https://msdn.microsoft.com/en-US/library/ee823878(v=cs.20).aspx

  19. Mohay, G.M., Anderson, A.M., Collie, B., de Vel, O., McKemmish, R.D.: Computer and Intrusion Forensics. Artech House, Boston (2003). http://eprints.qut.edu.au/10849/. For more information about this book please refer to the publisher’s website (see link) or contact the authors

    Google Scholar 

  20. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)

    Google Scholar 

  21. OpenStack: Openstack (2015). http://www.openstack.org/

  22. Pearson, S.: Toward accountability in the cloud. IEEE Internet Comput. 15(4), 64–69 (2011)

    Article  Google Scholar 

  23. Pulls, T., Peeters, R.: Balloon: a forward-secure append-only persistent authenticated data structure. In: Pernul, G., Y A Ryan, P., Weippl, E., Torres, C.F., Jonker, H., Mauw, S., Diao, W., Liu, X., et al. (eds.) ESORICS. LNCS, vol. 9327, pp. 622–641. Springer, Heidelberg (2015). doi:10.1007/978-3-319-24177-7_31

    Chapter  Google Scholar 

  24. Pulls, T., Peeters, R.: Insynd: secure one-way messaging through Balloons. Cryptology ePrint Archive, Report 2015/150 (2015)

    Google Scholar 

  25. Pulls, T., Peeters, R., Wouters, K.: Distributed privacy-preserving transparency logging. In: Sadeghi, A.R., Foresti, S. (eds.) WPES, pp. 83–94. ACM (2013)

    Google Scholar 

  26. R. Brandner, U.P., Gondrom, T.: Evidence record syntax (ERS) (2014). http://tools.ietf.org/html/rfc4998

  27. Redfield, C. M., Date, H.: Gringotts: securing data for digital evidence. In: 2014 IEEE Security and Privacy Workshops (SPW), pp. 10–17, May 2014

    Google Scholar 

  28. Ruebsamen, T., Reich, C.: Supporting cloud accountability by collecting evidence using audit agents. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 1, pp. 185–190, December 2013

    Google Scholar 

  29. Turner, P.: Unification of digital evidence from disparate sources (digital evidence bags). Digit. Investig. 2(3), 223–228 (2005). http://dx.doi.org/10.1016/j.diin.2005.07.001

    Article  Google Scholar 

  30. Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008). http://doi.acm.org/10.1145/1349026.1349043

    Article  Google Scholar 

  31. Zhang, R., Li, Z., Yang, Y., Li, Z.: An efficient massive evidence storage and retrieval scheme in encrypted database. In: 2013 International Conference on Information and Network Security (ICINS 2013), pp. 1–6, November 2013

    Google Scholar 

Download references

Acknowledgements

This work has been partly funded from the European Commission’s Seventh Framework Programme (FP7/2007–2013), grant agreement 317550, Cloud Accountability Project - http://www.a4cloud.eu/ - (A4CLOUD).

Author information

Authors and Affiliations

  1. Cloud Research Lab, Furtwangen University, Furtwangen, Germany

    Thomas Rübsamen & Christoph Reich

  2. Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden

    Tobias Pulls

Authors
  1. Thomas Rübsamen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tobias Pulls
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christoph Reich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Rübsamen .

Editor information

Editors and Affiliations

  1. Dublin City University, Dublin 9, Ireland

    Markus Helfert

  2. Universitat Autònoma de Barcelona, Bellaterra, Spain

    Víctor Méndez Muñoz

  3. Dell, ROUND ROCK, USA

    Donald Ferguson

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Rübsamen, T., Pulls, T., Reich, C. (2016). Security and Privacy Preservation of Evidence in Cloud Accountability Audits. In: Helfert, M., Méndez Muñoz, V., Ferguson, D. (eds) Cloud Computing and Services Science. CLOSER 2015. Communications in Computer and Information Science, vol 581. Springer, Cham. https://doi.org/10.1007/978-3-319-29582-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29582-4_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29581-7

  • Online ISBN: 978-3-319-29582-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation