Data Accountability in Cloud Systems

  • Ryan K. L. Ko
Chapter

Abstract

This chapter reviews the definitions, existing techniques and standards in the area of data accountability in cloud computing. It also introduces new research for the accountability, traceability and auditability of data provenance and history and discusses the critical problems of cloud security relating to accountability.

Keywords

Cloud Computing; Virtual Machine; Cloud Provider; Cloud Service Provider; Cloud Computing Environment
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

The author would like to acknowledge the former members of the HP Labs TrustCloud team: Peter Jagadpramana, Chun Hui Suen, Markus Kirchberg, Yu Shyang Tan, Olive Qing Zhang, Aneeth Ahmed, Teck Hooi Lim, Miranda Mowbray, Siani Pearson, Duc Ha, Anurag Singla and Bu Sung Lee.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. Cyber Security Lab, Department of Computer Science, The University of Waikato, Hamilton, New Zealand
