Abstract
Despite the apparent advantages of cloud computing, the fear of unauthorized exposure of sensitive user data [3,4,8,13] and of non-compliance with privacy restrictions impedes its adoption for security-sensitive tasks. In the common setting in which the cloud infrastructure provider and the online service provider are different, end users have to trust the efforts of both parties to handle their private data as intended. To address this challenge, in this work we take a step towards elevating users' confidence in the safety of their cloud-resident data by introducing Cloudopsy, a service whose goal is to provide a visual autopsy of the exchange of user data in the cloud premises. Cloudopsy offers a user-friendly interface that lets the customers of cloud-hosted services independently monitor, and better understand, how third-party cloud-hosted services handle their cloud-resident sensitive data. While the framework is targeted mostly at end users, Cloudopsy also provides service providers with an additional layer of protection against illegitimate data flows, e.g., inadvertent data leaks, by offering a more meaningful graphical representation of the overall service dependencies and the relationships with third parties outside the cloud premises, as derived from the collected audit logs. The novelty of Cloudopsy lies in the fact that it leverages the power of visualization when presenting the final audit information to the end users (and the service providers), which adds significant benefits to the understanding of rich but ever-increasing audit trails. One of the most obvious benefits of the resulting visualization is the ability to better understand ongoing events, detect anomalies, and reduce decision latency, which can be particularly valuable in real-time environments.
References
1. Berghel, H.: Identity theft and financial fraud: Some strangeness in the proportions. Computer 45(1), 86–89 (2012)
2. Chen, Y.Y., Jamkhedkar, P.A., Lee, R.B.: A software-hardware architecture for self-protecting data. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 14–27 (2012)
3. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 85–90 (2009)
4. Cloud Security Alliance: Security guidance for critical areas of focus in cloud computing v2.1 (December 2009), https://cloudsecurityalliance.org/csaguide.pdf
5. Computerworld: Microsoft BPOS cloud service hit with data breach (December 2010), http://www.computerworld.com/s/article/9202078/Microsoft_BPOS_cloud_service_hit_with_data_breach
6. Cornell University: Open-source Forensics Tools for Network and System Administrators – Spider (February 2010), http://www2.cit.cornell.edu/security/tools/
7. Gens, F.: IT Cloud Services User Survey, pt.2: Top Benefits & Challenges. IDC (October 2008), http://blogs.idc.com/ie/?p=210
8. Kaufman, L.: Data security in the world of cloud computing. IEEE Security Privacy 7(4), 61–64 (2009)
9. Kemerlis, V.P., Portokalidis, G., Jee, K., Keromytis, A.D.: libdft: Practical Dynamic Data Flow Tracking for Commodity Systems. In: Proc. of VEE (2012)
10. Ko, R., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., Lee, B.S.: TrustCloud: A framework for accountability and trust in cloud computing. In: 2011 IEEE World Congress on Services (SERVICES), pp. 584–588 (July 2011)
11. Krzywinski, M.I., Schein, J.E., Birol, I., Connors, J., Gascoyne, R., Horsman, D., Jones, S.J., Marra, M.A.: Circos: An information aesthetic for comparative genomics. Genome Research (2009)
12. Massonet, P., Naqvi, S., Ponsard, C., Latanicki, J., Rochwerger, B., Villari, M.: A monitoring and audit logging architecture for data location compliance in federated cloud infrastructures. In: 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum (IPDPSW), pp. 1510–1517 (May 2011)
13. Molnar, D., Schechter, S.: Self hosting vs. cloud hosting: Accounting for the security impact of hosting in the cloud. In: Proceedings of the 9th Workshop on the Economics of Information Security, WEIS 2010, pp. 1–18 (2010)
14. Pappas, V., Kemerlis, V., Zavou, A., Polychronakis, M., Keromytis, A.D.: CloudFence: Enabling Users to Audit the Use of their Cloud-Resident Data. Tech. Rep. CUCS-002-12, CS Department, Columbia University (2012), http://hdl.handle.net/10022/AC:P:12821
15. Sophos: Groupon subsidiary leaks 300k logins, fixes fail, fails again (June 2011), http://nakedsecurity.sophos.com/2011/06/30/groupon-subsidiary-leaks-300k-logins-fixes-fail-fails-again/
16. The Wall Street Journal: Google Discloses Privacy Glitch (March 2009), http://blogs.wsj.com/digits/2009/03/08/1214/
17. VirtueMart eCommerce Solution: VirtueMart shopping cart software, http://virtuemart.net
18. Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data storage security in cloud computing. In: 2010 Proceedings IEEE INFOCOM (March 2010)
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Zavou, A., Pappas, V., Kemerlis, V.P., Polychronakis, M., Portokalidis, G., Keromytis, A.D. (2013). Cloudopsy: An Autopsy of Data Flows in the Cloud. In: Marinos, L., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2013. Lecture Notes in Computer Science, vol 8030. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39345-7_39
DOI: https://doi.org/10.1007/978-3-642-39345-7_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39344-0
Online ISBN: 978-3-642-39345-7
eBook Packages: Computer Science (R0)