Abstract
Cloud computing has been gaining momentum as a promising IT solution, especially for enabling ubiquitous, convenient, and on-demand access to a shared pool of configurable computing resources. Businesses of all sizes nowadays leverage cloud services for conducting their major operations (e.g., web service, inventory management, customer service). Based on the way services are provided, cloud computing has been divided into different categories such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In most of these categories, there exist at least three main stakeholders: cloud service providers, tenants, and their users. A cloud service provider owns a significant amount of computational resources, e.g., servers, storage, and networking, and offers different paid services (e.g., IaaS, PaaS) to its customers by utilizing this pool of resources. Usually, cloud tenants are different companies or departments within a company. A tenant, the direct customer of a cloud provider, enjoys the ad hoc and elastic (i.e., allocating/deprovisioning based on demand) nature of the cloud in utilizing the shared pool of resources for conducting its necessary operations. A user, as a member of a cloud tenant, mainly uses the different services offered by that tenant. Thus, by providing a dynamic (i.e., ever-changing) and measured (i.e., “pay as you go”) service to its users and tenants, cloud computing has become a popular choice for diverse business models in recent years.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Majumdar, S. et al. (2019). Introduction. In: Cloud Security Auditing. Advances in Information Security, vol 76. Springer, Cham. https://doi.org/10.1007/978-3-030-23128-6_1
DOI: https://doi.org/10.1007/978-3-030-23128-6_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23127-9
Online ISBN: 978-3-030-23128-6
eBook Packages: Computer Science (R0)