research-article

An architecture for cross-cloud auditing

Authors:

Rui Xie,

Rose GambleAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 4, Pages 1 - 4

https://doi.org/10.1145/2459976.2459981

Published: 08 January 2013 Publication History

Get Access

Abstract

Auditing message exchange in a cloud involves logging interactions between services that are dynamically composed to satisfy a client's request to the cloud. Additional cloud management services are needed to facilitate audit record capture of events occurring within the end-to-end round trip messaging of the composition and to analyze the resulting audit assets for security anomalies. When an external cloud, possibly in a federation, has a service needed for the task, audit assets must be conveyed back to the originating cloud for disclosure of communications and resource accesses. Otherwise, the external cloud may hide any potential vulnerabilities related to information tainting, message attacks, and resource misuse since these security risks cannot be directly assessed. In this paper, we underscore the importance of designing cross-cloud communications to retain security audit information to assess message and resource vulnerabilities and maintain federation trust. We present an architecture and a message schema for management, communication, and analysis.

References

[1]

Bell, M. 2008. Introduction to Service-Oriented Modeling. Service-Oriented Modeling: Service Analysis, Design, and Architecture. Wiley & Sons.

Digital Library

Google Scholar

[2]

Jureta, I. J., et al. 2007. Dynamic Web Service Composition within a Service-Oriented Architecture. IEEE ICWS, pp.304--311.

Crossref

Google Scholar

[3]

Lin, C., et al. 2010. A Web Services Status Monitoring Technology for Distributed System Management in the Cloud. Int'l Conf. on Cyber-Enabled Dist. Comp. & KD, pp.502--505.

Digital Library

Google Scholar

[4]

Xie, R., and Gamble, R. 2012. A Tiered Strategy for Auditing in the Cloud. IEEE CLOUD, pp. 945--946.

Digital Library

Google Scholar

[5]

Ion, M., et al. 2009. Dynamic Resources Allocation in Grid Environments. 11th Int'l Symp. Symbolic and Numeric Algorithms for Scientific Computing, pp. 213--220.

Digital Library

Google Scholar

[6]

Paraiso, F., Haderer, N., Merle, P., Rouvoy, R., and Seinturier, L. 2012. A Federated Multi-Cloud PaaS Infrastructure. IEEE CLOUD, pp. 392--399.

Digital Library

Google Scholar

[7]

Bernstein, D., et al. 2010. Intercloud Directory and Exchange Protocol Detail using XMPP and RDF. 6th IEEE World Congress on Services, pp. 431--438.

Digital Library

Google Scholar

[8]

Hale, M., and Gamble, R. 2012. SecAgreement: Advancing Security Risk Calculations in Cloud Services. 8th IEEE World Congress on Services, pp. 133--140.

Digital Library

Google Scholar

[9]

GICTF. Intercloud Interface Specification Draft. 2012; http://www.gictf.jp/doc/GICTF_CloudIF_ResourceDataModel_WhitePaper_e_20120515.pdf.

Google Scholar

[10]

Andrekanic, A., and Gamble, R. 2012. Architecting Web Service Attack Detection Handlers. IEEE ICWS, pp. 130--137.

Digital Library

Google Scholar

[11]

Sundareswaran, S., et al. 2011. Promoting Distributed Accountability in the Cloud. IEEE CLOUD, pp. 113--120.

Digital Library

Google Scholar

Cited By

View all

Hale MGamble R(2019)Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standardsRequirements Engineering10.1007/s00766-017-0287-524:3(365-402)Online publication date: 1-Sep-2019
https://dl.acm.org/doi/10.1007/s00766-017-0287-5
Hale MGamble MGamble R(2013)A Design and Verification Framework for Service Composition in the CloudProceedings of the 2013 IEEE Ninth World Congress on Services10.1109/SERVICES.2013.46(317-324)Online publication date: 28-Jun-2013
https://dl.acm.org/doi/10.1109/SERVICES.2013.46
Xie RGamble RAhmed N(2013)Diagnosing Vulnerability Patterns in Cloud Audit LogsHigh Performance Cloud Auditing and Applications10.1007/978-1-4614-3296-8_5(119-146)Online publication date: 1-Aug-2013
https://doi.org/10.1007/978-1-4614-3296-8_5

Index Terms

An architecture for cross-cloud auditing
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack
CODASPY '16: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy

Cloud service providers typically adopt the multi-tenancy model to optimize resources usage and achieve the promised cost-effectiveness. Sharing resources between different tenants and the underlying complex technology increase the necessity of ...
Towards Auditing of Cloud Provider Chains using CloudTrust Protocol
CLOSER 2016: Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1 and 2

Although cloud computing can be considered mainstream today, there is still a lack of trust in cloud providers, when it comes to the processing of private or sensitive data. This lack of trust is rooted in the lack of transparency of the provider's data ...
Near-Real-Time Cloud Auditing for Rapid Response
WAINA '12: Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops

Due to the rapid emergence of Information Technology, cloud computing provides assorted advantages to service providers, developers, organizations, and customers with respect to scalability, flexibility, cost-effectiveness, and availability. However, it ...

Reviews

Reviewer: Zeeshan Ali Shah

Cloud computing enables on-demand, self-provisioned elastic computing. In addition to public cloud offerings, the private cloud has emerged on a wider scale and has been adopted by both the enterprise and public sectors. Several open-source middleware products have appeared for use with private cloud deployments. One challenge with these various cloud products is connectivity between different organizations. The idea of federated cloud services is new, and various research papers and projects are addressing it. There can be various levels of federation, such as authentication, accounting, and virtual machine sharing. This paper addresses the issue of how to enable federation of logging and audit records. In this scenario, a user from an organization might launch a cloud instance in a different organization. During this cross-organizational process, the user's audit records have to be maintained and transmitted back to the initiating organization for auditing. This paper deals with this problem and proposes a solution. The authors' approach is novel and the solution presented advances the field. This detailed paper will benefit cloud system administrators. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Air Force Office of Scientific Research

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
442
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hale MGamble R(2019)Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standardsRequirements Engineering10.1007/s00766-017-0287-524:3(365-402)Online publication date: 1-Sep-2019
https://dl.acm.org/doi/10.1007/s00766-017-0287-5
Hale MGamble MGamble R(2013)A Design and Verification Framework for Service Composition in the CloudProceedings of the 2013 IEEE Ninth World Congress on Services10.1109/SERVICES.2013.46(317-324)Online publication date: 28-Jun-2013
https://dl.acm.org/doi/10.1109/SERVICES.2013.46
Xie RGamble RAhmed N(2013)Diagnosing Vulnerability Patterns in Cloud Audit LogsHigh Performance Cloud Auditing and Applications10.1007/978-1-4614-3296-8_5(119-146)Online publication date: 1-Aug-2013
https://doi.org/10.1007/978-1-4614-3296-8_5

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack

Towards Auditing of Cloud Provider Chains using CloudTrust Protocol

Near-Real-Time Cloud Auditing for Rapid Response

Reviews

Access critical reviews of Computing literature here