
Literature Review

Cloud Security Auditing

Abstract

This chapter first categorizes existing cloud security auditing approaches, then elaborates on each category, mainly in terms of its coverage and adopted verification techniques, and finally presents a taxonomy based on these works. There are three main categories of cloud security auditing approaches. In the following, we discuss each of these approaches with corresponding example works.




Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Majumdar, S. et al. (2019). Literature Review. In: Cloud Security Auditing. Advances in Information Security, vol 76. Springer, Cham. https://doi.org/10.1007/978-3-030-23128-6_2


  • DOI: https://doi.org/10.1007/978-3-030-23128-6_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-23127-9

  • Online ISBN: 978-3-030-23128-6

  • eBook Packages: Computer Science (R0)
