Abstract
This chapter first categorizes existing cloud security auditing approaches, then elaborates on each category, mainly in terms of its coverage and the verification techniques it adopts, and finally presents a taxonomy based on these works. There are three main categories of cloud security auditing approaches. In the following, we discuss each of these approaches with corresponding example works.
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Majumdar, S. et al. (2019). Literature Review. In: Cloud Security Auditing. Advances in Information Security, vol 76. Springer, Cham. https://doi.org/10.1007/978-3-030-23128-6_2
DOI: https://doi.org/10.1007/978-3-030-23128-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23127-9
Online ISBN: 978-3-030-23128-6
eBook Packages: Computer Science, Computer Science (R0)