Abstract

In cloud computing users are giving up control over resources such as storage. Lacking transparency of cloud services (e.g. data access and data lifecycle reports) is an important trust issue, that hinders a more wide-spread adoption of cloud computing. Giving the customer of cloud services more information about data usage, compliance test reports and accordance to best-practices make the cloud more transparent. Reporting about such verifications is the main objective of cloud audits and is performed by third party auditors (TPAs). However, public auditing by TPAs can introduce new privacy problems. In this paper, a survey of current cloud audit privacy problems is given and techniques are shown how they can be addressed. Also, requirements for a privacy-aware public audit system are discussed.

Keywords

Audit Privacy Cloud Computing Transparency 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Technical report, National Institute of Standards and Technology, Information Technology Laboratory (2011)Google Scholar
  2. 2.
    CNN: Google fires engineer for privacy breach (September 2010), http://edition.cnn.com/2010/TECH/web/09/15/google.privacy.firing/
  3. 3.
    Cloud Security Alliance (CSA): Security, Trust & Assurance Registry (STAR), https://cloudsecurityalliance.org/star/
  4. 4.
    Amazon: Amazon’s service health dashboard, http://status.aws.amazon.com/
  5. 5.
    Privacy Rights Clearinghouse: Amsterdam Hospitality Group, https://www.privacyrights.org/data-breach-asc?title=amsterdam
  6. 6.
    Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom), pp. 693–702 (2010)Google Scholar
  7. 7.
    Badger, L., Bohn, R., Chu, S., Hogan, M., Liu, F., Kaufmann, V., Mao, J., Messina, J., Mills, K., Sokol, A., Tong, J., Whiteside, F., Leaf, D.: US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft) - Useful Information for Cloud Adopters. Technical report, National Institute of Standards and Technology, Information Technology Laboratory (2011)Google Scholar
  8. 8.
    Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. Cryptology ePrint Archive, Report 2007/202 (2007), http://eprint.iacr.org/
  9. 9.
    Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 43–54. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Juels, A., Kaliski Jr., B.S.: Pors: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 584–597. ACM, New York (2007)CrossRefGoogle Scholar
  11. 11.
    Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Network 24(4), 19–24 (2010)CrossRefGoogle Scholar
  12. 12.
    Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  13. 13.
    Wang, B., Li, B., Li, H.: Oruta: Privacy-preserving public auditing for shared data in the cloud. In: 2012 IEEE 5th International Conference on Cloud Computing (CLOUD), pp. 295–302 (2012)Google Scholar
  14. 14.
    Li, L., Xu, L., Li, J., Zhang, C.: Study on the third-party audit in cloud storage service. In: 2011 International Conference on Cloud and Service Computing (CSC), pp. 220–227 (2011)Google Scholar
  15. 15.
    Patel, H., Patel, D.: A review of approaches to achieve data storage correctness in cloud computing using trusted third party auditor. In: 2012 International Symposium on Cloud and Services Computing (ISCOS), pp. 84–87 (2012)Google Scholar
  16. 16.
    Zhu, Y., Hu, H., Ahn, G.J., Yau, S.S.: Efficient audit service outsourcing for data integrity in clouds. J. Syst. Softw. 85(5), 1083–1095 (2012)CrossRefGoogle Scholar
  17. 17.
    Shah, M.A., Swaminathan, R., Baker, M.: Privacy-preserving audit and extraction of digital contents. Cryptology eprint archive, report 2008/186 (2008)Google Scholar
  18. 18.
  19. 19.
  20. 20.
  21. 21.
    Cloud Security Alliance (CSA): CloudAudit A6 Cloud Security Alliance, http://cloudaudit.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Thomas Rübsamen
    • 1
  • Christoph Reich
    • 1
  1. 1.Cloud Research LabFurtwangen University of Applied ScienceFurtwangenGermany

Personalised recommendations