Abstract
Dynamic certification is still in its early stages. To find out which methodologies and techniques can be used for (partially) automated monitoring and auditing, we conducted an extensive literature review. This chapter presents six clusters containing different methodologies and techniques. We briefly introduce the methodologies and techniques and discuss their applicability in the context of dynamic certification.
Dynamic certification of cloud services is still in its infancy; we therefore performed a systematic literature review to identify automated monitoring and auditing methods that are applicable in the context of cloud computing. Our study yields a set of automated methods for continuous monitoring and auditing in six clusters. We discuss the identified methods in terms of their applicability to address major concerns about cloud computing and how the methods can help to continuously audit cloud environments. We thereby provide paths for future research to implement continuous auditing in cloud service contexts.
© 2018 Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
Lins, S., Thiebes, S., Sunyaev, A. (2018). Status Quo: Eine vergleichende Analyse von Methodiken und Techniken zur kontinuierlichen Überprüfung von Cloud-Services. In: Krcmar, H., Eckert, C., Roßnagel, A., Sunyaev, A., Wiesche, M. (eds) Management sicherer Cloud-Services. Springer Gabler, Wiesbaden. https://doi.org/10.1007/978-3-658-19579-3_14
DOI: https://doi.org/10.1007/978-3-658-19579-3_14
Publisher Name: Springer Gabler, Wiesbaden
Print ISBN: 978-3-658-19578-6
Online ISBN: 978-3-658-19579-3
eBook Packages: Business and Economics (German Language)