Automatic Data Protection Certificates for Cloud-Services based on Secure Logging

  • Chapter
Trusted Cloud Computing

Abstract

Cloud services promise numerous advantages for companies over traditional in-house data processing in terms of flexibility and cost efficiency. These cloud services vary considerably with respect to the security mechanisms provided. As a result, many security-aware companies have strong concerns about using such services, e.g., with respect to confidentiality, data protection, availability, and control. Moreover, they complain about the lack of transparency concerning the security measures and processes the cloud provider has installed. As a solution to the latter, auditors may evaluate cloud providers and issue certificates attesting whether or not the cloud provider meets certain security requirements or legal regulations. However, due to the characteristics of cloud computing, on-site inspections in the data centers of a cloud provider do not seem realistic. In this paper we present a technical solution: an automatically generated data processing certificate for cloud services. Formal policies containing the security requirements the cloud service must comply with are the basis for this certificate. Our contribution uses secure log files as a trustworthy data basis for the evaluation of a cloud service. We introduce a secure logging method that is resistant against internal manipulation attempts and that creates tamper-proof and confidential log data. Thus, the logging method is very well suited for application in the data center of a potentially untrustworthy cloud provider.

This contribution has been created within the project CloudCycle (http://www.cloudcycle.org). CloudCycle is funded by the German Federal Ministry for Economic Affairs and Energy (BMWi) according to a decision of the German Federal Parliament within the funding priority “Trusted Cloud”.

Author information

Corresponding author

Correspondence to Thomas Kunz.

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Kunz, T., Selzer, A., Waldmann, U. (2014). Automatic Data Protection Certificates for Cloud-Services based on Secure Logging. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_5

  • DOI: https://doi.org/10.1007/978-3-319-12718-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12717-0

  • Online ISBN: 978-3-319-12718-7

  • eBook Packages: Computer Science, Computer Science (R0)
