Conceptual Architecture of Dynamic Certifications

  • Sebastian Lins
  • Ali Sunyaev
Chapter

Abstract

Existing methods for the continuous monitoring or auditing of cloud services are not directly applicable in the context of dynamic certification. In particular, there is currently no comprehensive architecture that covers the complete process of dynamic certification. We address this gap by presenting a conceptual architecture for the dynamic certification of cloud services that comprises the main components, methods and processes while taking into account the requirements and needs of the most important stakeholders. Finally, we discuss possible challenges in implementing the proposed architecture.

Most existing methodologies for continuously monitoring and auditing cloud services are not applicable for third-party certification purposes. Therefore, we propose a conceptual architecture for dynamic certification of cloud services and highlight important components and processes that have to be implemented. Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of dynamic cloud service certification.

Copyright information

© Springer Fachmedien Wiesbaden GmbH 2018

Authors and Affiliations

  1. Fachgebiet Wirtschaftsinformatik und Systementwicklung, Universität Kassel, Kassel, Germany