Abstract
The lack of confidence in entrusting sensitive information to cloud computing service providers (CSPs) is one of the primary obstacles to widespread adoption of cloud computing, as reported by a number of surveys. From the CSPs’ perspective, their long-term return-on-investment in cloud infrastructure hinges on overcoming this obstacle. Encryption and privacy protection techniques solve only part of this problem; in addition, research is needed to increase the accountability and auditability of CSPs. However, achieving cloud accountability is a complex challenge, as we now have to consider large-scale virtual and physical distributed server environments to achieve (1) real-time tracing of source and duplicate file locations, (2) logging of a file’s life cycle, and (3) logging of content modification and access history. This position paper considers related research challenges and lays a foundation towards addressing these via three main abstraction layers of cloud accountability and a Cloud Accountability Life Cycle.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ko, R.K.L., Lee, B.S., Pearson, S. (2011). Towards Achieving Accountability, Auditability and Trust in Cloud Computing. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds) Advances in Computing and Communications. ACC 2011. Communications in Computer and Information Science, vol 193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22726-4_45
DOI: https://doi.org/10.1007/978-3-642-22726-4_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22725-7
Online ISBN: 978-3-642-22726-4
eBook Packages: Computer Science, Computer Science (R0)