ContentslistsavailableatScienceDirect

International Journal of Information Management

j o u r n a l ho me p ag e:w w w . e l s e v i e r . c o m / lo c a t e / i j i n f o m g t

Data and infrastructure security auditing in cloud computing environments

Hassan Rasheed

^∗

TaifUniversityDeanshipofInformationTechnology,SaudiArabia

a r t i c l e i n f o

Articlehistory:

Availableonline3December2013

Keywords:

Cloudcomputing Securityaudit Dataintegrity Standardscompliance

a b s t r a c t

Formanycompaniestheremainingbarrierstoadoptingcloudcomputingservicesarerelatedtosecurity.

Oneofthesesignificantsecurityissuesisthelackofauditabilityforvariousaspectsofsecurityinthe cloudcomputingenvironment.Inthispaperwelookattheissueofcloudcomputingsecurityauditing fromthreeperspectives:userauditingrequirements,technicalapproachesfor(data)securityauditing andcurrentcloudserviceprovidercapabilitiesformeetingauditrequirements.Wealsodividespecific auditingissuesintotwocategories:infrastructuresecurityauditinganddatasecurityauditing.Wefind ultimatelythatdespiteanumberoftechniquesavailabletoaddressuserauditingconcernsinthedata auditingarea,cloudprovidershavethusfaronlyfocusedoninfrastructuresecurityauditingconcerns.

©2013ElsevierLtd.Allrightsreserved.

1. Introductionandmotivation

CloudcomputinghasbecomeoneofthedominantITparadigms ofthecurrentage:fulfillingtheneedofusersfordynamic,high- capacity computing capabilities in diverse applicationssuch as businessintelligenceanddataarchivingwhileessentiallycreat- ingbusinessvalueforcloudprovidersoutof(whatwasatleast initially)surpluscomputingresources.Withallemergingtechnolo- gies,however,thelongevityoftheparadigmwillbedeterminedby thewayinwhichcertainchallengesaremet.

Oneof those chiefchallenges for cloudcomputing, and one whichhasmademanyorganizationshesitanttoadoptcloudsolu- tionsissecurity.TheEuropeanNetworkandInformationSecurity Agency(ENISA,2009)surveyedconcernsregardingcloudcomput- ingsecurityand among thetopten risks,two ofthem (loss of governanceandcompliancerisks)weretracedtothesamevul- nerability:namely,thatauditisnotavailabletocustomers.Within thecontextofcloudcomputing,therefore,thetermsecurityaudit- ingactuallyentailstwoseparateissues:thefirstishavingthecloud providertakeappropriatemeanstoensurethatdataorinfrastruc- tureissecure(the‘security’);thesecondismakingitpossiblefor thecustomertoverifythatthosesecuritycontrolsareindeedin placeandworkingaspromised(the‘auditing’).Itispossiblethata CloudServiceProvider(CSP)couldhavethefirstwithoutthesec- ond(securitywithnoauditing).Forexample:acloudproviderthat attemptstoensuredataintegritythroughtheuseofbackups.The

∗Tel.:+966536895637.

E-mailaddress:hsrasheed@acm.org

controlisinplacebuttheusermayhavenowaytoeasilyverify orauditthebackupsthatthecloudproviderismaking.Auditisan importantconcernbecauseitisameansthroughwhichthecus- tomercanattesttothewayinwhichtheirtechnologyresources arebeinghandled.Ourdiscussionofsecurityauditingwillfocuson customerandthird-partyauditingofcloudprovidersecuritycon- trolsandmethods–notonthemoregeneralissuesofcloudsecurity ortechnologyauditing.

Inthis paper,wewillattempttolookat thegeneralsubject ofcloudsecurityauditingwiththeaimofprovidinganswersto thefollowingcriticalquestions:(1)whatarethespecificauditing concernswhichmustbeaddressedtoensurebroaderadoptionof cloudcomputingtechnologies,(2)whatisthecurrentstateofcloud auditincurrentofferingsand(3)howmanyofthelingeringaudit issuescouldberesolvedusingexistingresearchapproachesand howmanydemandstillfurtherwork.Inordertodothat,wewill examineuserrequirementsforcloudauditingsecurityalongwith someoftheexistingresearchsolutionstogetanideaofwhatcould realisticallybeintegratedin cloudauditingsecurityin thenear future(asopposedtomoreunresolvedissuesthatwillrequiremore long-termsolutions).Thesetwowillbecontrastedagainstwhat cloudserviceprovidersarecurrentlyoffering(i.e.vendorsolutions forcloudsecurityauditing).

Inouranalysis,wewilllookatauditissueswhichcouldpoten- tially arise in all of the various cloudofferings: Software as a Service,PlatformasaService,StorageasaServiceandInfrastruc- tureasaService.Wewillsubdividetheseconcerns,however,into infrastructuresecurityauditinganddatasecurityauditing.Infra- structuresecurityisimportanttoallofthedifferentcloudservice layers:a customerdevelopinganapplicationonaCSPprovided 0268-4012/$–seefrontmatter©2013ElsevierLtd.Allrightsreserved.

http://dx.doi.org/10.1016/j.ijinfomgt.2013.11.002

developmentstack,forinstance,mayhavethesameconcernsabout howvirtualmachineimagesandsnapshotsarestoredasacustomer whoisusingcompletevirtualservers.

Datasecurityissues,however, willbemostcritical forthose users above the infrastructure level: users relying on cloud databases,softwaredevelopmentplatforms,orcompleteapplica- tions.Ifacloudcustomerhastheirownvirtualcloudinfrastructure theninmostcasestheywillhavetheabilitytoimplementtheirown systemstoensuredataauditabilitybecausetheyhavecomplete virtualizedserversanddirectaccesstoinstallorsetupwhatever applicationstheydesire.Itiswhentheuserdoesnothavethatlevel ofaccess–andconsequentlymuchofwhathappenstotheirdata istransparent–thattheirismoreplanningnecessarytomaintain auditability.

2. Userrequirementsforcloudsecurityauditing

Wedividethebroadscopeofusersecurityneedswithrespectto cloudcomputingauditingintotwosub-areas:infrastructuresecu- rityanddataauditing.Theinfrastructureauditingconcernsdeal withthesystemsthatareusedtoprocessdataandthesecurity controlsthatareinplacetoprotectthosesystems.Theseconcerns aredistinguishedbybeingagnostictotheactualnatureofthebusi- nessorworkbeingperformedandmerelyensuringthatasecure environmentisavailableforbusinesstobeconducted.Dataaudit- ingconcernshavetodowiththepreservationofthedataitself:its confidentiality,integrityandavailability.Thedataisdistinguished bybeingtheinformationthatisstoredandprocessedontheinfra- structuresystemsmentionedpreviouslyandisinherentlytiedto thenatureofthebusinessitself.

2.1. Infrastructureauditingneeds

BecauseoverallsecurityintheITindustryisfrequentlydriven bybestpracticestandards,userconcernsforcloudinfrastructure securityalsoseemtobedrivenbythosestandards.Twoofthemost widelyusedandimportantstandardsforenterpriseinfrastructure securityareInternationalStandardsOrganizationsecuritystandard (ISO27001)InternationalOrganizationforStandardization(ISO) (n.d.)andPaymentCardIndustryDataSecurityStandard(PCIDSS) PCIStandardsSecurityCouncil(2010).

2.1.1. Paymentcardindustrydatasecuritystandard

PCIDSS(PCIStandardsSecurityCouncil,2010)isafrequently usedsecuritystandardinITbecauseachievingcertificationisapre- requisitetobeingabletohandlecustomercreditcardinformation.

Thestandardconsistsof11corerequirementsinsixmainareas:

buildingandmaintainingasecurenetwork,protectingcardholder data,maintaining a vulnerability management program, imple- mentingstrongaccesscontrolmeasures,regularlymonitoringand testingnetworksandmaintaininganinformationsecuritypolicy.

Organizationswishing to gain certification against therequire- mentsofthis standard mustgetanassessment fromasecurity specialistapprovedbyPCIDSS.

Because of the ambiguity of previous versions of PCI DSS regarding virtualization and multi-tenancy, version 2.0 (PCI StandardsSecurityCouncil,2010), waschangedtoclarifythese issues.Inparticular,the2.0standardestablishesthatvirtualcom- ponentsarealsoincludedundertheheadingofsystemcomponents towhichthestandardapplies.Italsochangedthepreviousrequire- mentthateachserverimplementonlyoneprimaryfunction,sothat itnowallowsforasinglehardwareservertohostmultiplevirtual machineswithdifferentfunctionsaslongaseach ofthevirtual machineshasonlyoneprimaryfunction.Thisisacriticalchangeto allowmerchantstobecomePCIcertifiedusingmulti-tenantcloud offerings.

Despitethesechanges,however,there remainaspects ofthe standardwhichmaybedifficultforcloudcustomerstomeet.In discussinganarchitectureforsecurityin publiccloudofferings, the authors in Prafullchandra et al. (2011) outline risk factors for eachof thecorePCI DSSprovisions.These riskfactorshave beendiscussedindetailinRasheed(2011),butwewillsumma- rizethemostsignificantofthemintosevencategories:virtualized networkdevicesrequiringgreaterdocumentationtodemonstrate effectivenetworkseparation,automaticallyprovisionedsystems usingdefaultsettings(risksfromtwocoreareasfallintothiscat- egory),exposureofvolatilememorywhenit iswrittentodisk, disclosureofprivatedataonpublicnetworks,managingvulner- abilitypatchingondynamicvirtualsystems,hypervisor-resident accesscontrolmethods(risksfromthreedifferentcoreareasfall intothiscategory)and maintainingaudittracesforallmachine activity.

Oftheseconcernssomeareeasiertoresolvethanothers.We willdividetheseconcernsintothreetypesbasedonthedifficultyof resolution:easy,moderateanddifficult.Thefirstone,forinstance, requiringgreaterdocumentationforeffectivenetworkseparation wouldmerelyrequirethecooperationofthecloudserviceprovider (CSP) in allowingaccess tosome oftheir network architecture diagrams.Andbecausethere areCSPsbeginningtothissuchas Amazon(aswillbediscussedin detailinanupcomingsection), thereisarelativelysimpleresolutiontothisrisk.Thesecondrisk regardingautomaticsystemprovisioningisalsoeasytoresolve:

thecloudcustomermerelyneedstousetheservicesofaprovider whichallowscustomerstoimporttheirowncustomizedimages tocreatevirtualmachines,ratherthanusingbaseimagesprovided bytheCSP.Theriskofvolatilememorybeingwrittentothediskis actuallynotspecifictovirtualmachines(althoughitismorepreva- lent):manymodernoperatingsystemshavethecapabilityfora usertosuspendthesession,writingvolatilememorytodiskand poweringoffthemachine.Theriskishigherwithvirtualization, however,becauseasingleservermayberesponsibleformanag- ingsnapshotsofmanyvirtualmachines.Theresolutiondifficulty forthisriskisthereforemoderatebecausethemanaginghyper- visor willneedtobeone that supportsgranularaccesscontrol forvirtualmachinesandencryptsbackups.Theriskofdisclosing privatedatais alsoeasy toresolve, becausethecardprocessor cansimplyensurethatalldatatransmittedoverthenetworkis encrypted.Theremaybesomeneedtodeterminewhatconstitutes a‘publicnetwork’iftherearemultiplevirtualmachinesrunning onapubliccloudhost,but intheworstcasetheprocessorcan satisfytherequirementbyencryptingtrafficevenbetweenpeer servers.

Managingvulnerabilitypatchingcouldbehandledeasilyifthe individualmachinesareresponsibleforpullingtheirownupdates using the service provided by a specific operating system (e.g.

WindowsUpdate,RedHatNetwork,etc.).If,however,thecloud customer will need to update multiple software packages and thuswantstopushupdatesandpatchestotheirvirtualmachines thiswilldependupontheconfigurationoptionstheyhavewith theirserviceprovider.DependingontheCSPthiscouldbeadif- ficult risk to resolve optimally. There are, however, CSPs such as IBM(IBM, n.d.)that do offer privatepatch servers.The risk regardinghypervisor-residentaccesscontrolisofmoderatediffi- cultytoresolve:thecustomerwillneedtoensurethattheCSPthey areusinghasanaccesscontrolsysteminplacewherebyaccesspriv- ilegesarelimitedbyjobfunctionandthataccesstothehypervisor andvirtualmachinesaregovernedbythataccesscontrolsystem.

Lastly,thesecurityriskfordataloggingisalsoofmoderatedifficulty toresolve:thecloudcustomermustensurethatthehypervisorrun- ningtheirvirtualmachineshasloggingcapability,thatitisenabled andthatthoselogscouldbeobtainedifneededforcertification purposes.

2.2. Dataauditingneeds

Wewillfocusonfouressentialdatachallengesthatfallunderthe topicofdatasecurityauditing:dataintegrity,dataconfidentiality, datalineage,dataprovenanceanddataremnance.Dataintegrity meansthe“thepreservationofdatafromunauthorizedchanges”

(Mather,Kumaraswamy&Latif,2009)andthismustbeensuredfor bothdataresidinginastoragemediumorbeingtransferredover thenetwork.Dataconfidentialityistheneedforusersto“preserve datafromunauthorizeddisclosure”(Matheretal.,2009):thisprop- ertymustalsobeachievedfordataresidentinastoragemedium andbeingtransferredoveranetwork.

Traditionally,in much of thedata processing literaturedata lineage has been used interchangeably with provenance. Bose andFrew(2005),forexampledefineslineageas“theoriginsand processinghistory,”ofobjectsandprocesses.Withinthespecific areaofcloudcomputing,however,lineagehasalsotakenonthe additionalmeaningofreferringtotheabilitytotrackexactlywhere thedatawaslocatedatanygiventimeandbeingabletofollowthe pathofdata(Matheretal.,2009).Thisisofspecialconcernincloud computingarchitecturesbecausesuchsystemsmaydynamically movevirtualizedsystemsanddataforperformanceandscalabil- ityreasonsandsomeofthedatamayhavecomplianceregulations statinginwhichgeographicareasthedatacanbestored.

DataprovenanceisdefinedinMatheretal.(2009)astheabil- itytodemonstratethatthedataiscomputationallyaccurateand wascorrectlycalculatedbasedonacertaindelineatedmethod.In Simmhan,PlaleandGannon(2005)itisdefinedas“...information thathelpsdeterminethederivationhistoryofadataproduct,start- ingfromitsoriginalsources,”whichincludesbothprecedingdata elementsusedinthederivationaswellasthederivationprocess.

Thisissueismorecomplexthanintegritybecauseitalsoencom- passesensuringandverifyingthatchangesmadeinanauthorized mannerarefundamentallycorrect.

Dataremnanceisthepossibilitythatsomeresidualportionsof datamayremainafteritwaserasedor removed(Matheretal., 2009). The risk is that such remnants could be inadvertently exposedtoaunauthorizedthirdparty.Itisthereforeaconfiden- tialityissue,butfocusedonretainingtheconfidentialityofdata whichwasintendedtoberemoved.

3. Techniquesfordatasecurity

Intheprevioussection,weprovidedanoverviewoftheimpor- tantissues indataauditingwhich maybeofconcernforcloud serviceusers.Inthissectionweprovideabriefoverviewofsome ofthe recent techniquesproposedin those same areasof data auditing.Specialattentionwillbegiventoapproachesspecifically proposedforuseincloudenvironmentsorwhichcouldbeeasily adaptedtocloudenvironments.

3.1. Dataconfidentialityandintegrity

Cryptographyis a toolfrequentlyusedtoensuredata confi- dentiality,privacyandintegrity.IndiVimercati,Foresti,Jajodia, ParaboschiandSamarati(2007)theauthorsdesignanaccesscon- trolsystemforuseinoutsourceddatastorage(suchasstorageas aserviceofferings)thatreliesonissuingcryptographicallyderived accesstokenstousers.Anumberofapproachesalsoproposetech- niquesforqueryingandsearchingdatathatresidesencryptedon thecloudserver(Cao,Wang,Li,Ren&Lou,2011;Lietal.,2010;

Wang,Cao,Li,Ren&Lou,2010).

Therehasalsobeensomerecentworkonapplyingtheconcepts ofremotedataintegritycheckingtoenableastoragecustomerto verifytheintegrityoftheirdatastoredinapubliccloud.InWang

etal.(2010),Wang,Chow,Wang,RenandLou(2011)andWang, Wang,Ren,LouandLi(2011),theauthorsdevelopanapproachfor privacy-preservingthirdpartydataintegritycheckingthatrelieson achallengeprotocoltoverifypre-calculatedcryptographichashes offilesegments;theproposedschemealsosupportsbatchdata auditing.Zhuetal.(2011)proposesasimilarintegritychecking mechanismbutassumestheThirdPartyAuditor(TPA)asatrustable delegateoftheoriginaldataownerandthusdoesnotprovidecon- trolsforpreventingtheoriginaldatacontentsfrombeingdisclosed totheTPA.

3.2. Dataremnance

Dataremnanceinthecloudhasreceivedverylittleattention comparedtotheotherusersecurityconcerns.Therehasbeensome workonproofsofsecureerasurewithmobileembeddeddevices (Karvelas,2013;Perito&Tsudik,2010).Manyofassumptionsused bysuchproofs,however–suchasassumingthatthestoragedevice hasfixedmemoryofknownsize–donotholdforthecloudscenario andthusthereisstillmuchworkrequiredondataremnance.Inlieu ofsuchapproaches,therefore,theassumptionofthecloudprovider asanuntrustedagentisevenmoresignificant:iferasurecannotbe provenandtheclienthasnoaccesstothestoragemediumthenit becomesevenmoreimportantthatthedatawhichisgiventothe CSPisinencryptedformtobeginwith.

3.3. Datalineageandprovenance

InSimmhanetal.(2005)theauthorspresentasurveyofdata provenance techniquesand systems along witha taxonomy of provenanceapproaches basedonfourmainaspects: thesubject oftheprovenancedata(i.e.dataorprocess),therepresentation ofthedata,itsstorageanddissemination.Themajorityofthesys- temssurveyedweresystemsfordistributedprocessingofscientific data.Onlyone–ProvenanceAwareService-orientedArchitecture (PASOA)(Groth,Luck&Moreau,2005)–proposesanopenpro- tocolfordataprovenancethatcouldpotentiallybeleveragedfor provenanceinfrastructuresinthecloudcomputingdomain.Among othercapabilities,thesystemsupportscollectingdataontheinputs andoutputsofserviceinvocationwhichmustbeagreeduponby boththeclientandtheserviceprovider.Allprovenancemessages areassignedauniqueIDwhichcanbeusedtoconstructaprocess orientedprovenancetraceoftheoriginalworkflow.

InBoseandFrew(2005)asurveyofdatalineage/provenance approachesispresented,inwhichtechniquesareclassifiedbased onhowchangesareintroducedintothedata:commandlinebase dataprocessing,scriptandprogram-baseddataprocessing,work- flowsystembaseddataprocessing,query-baseddataprocessing andservice-baseddataprocessing.However,theissueoftracking thephysicallocationwheredatawasprocessedwasnotdiscussed inthesurveyedapproachesandthusthisaspectofdatalineagehas yettobeaddressedwithapproachescompatiblewiththecloud computingenvironment.However,judgingbythebreadthofthe availableapproachesforgeneraldataprovenance,extensiontoalso collectdataaboutthephysicallocationoftheprocessingserver shouldbeastraight-forwardmodification.

4. Providersecuritycapabilities

4.1. Securityandcomplianceatleadingcloudproviders

IndeterminingthespectrumofCSPsecurityofferings,welooked atthetoptenpubliccloudstorageprovidersbasedona recent surveybyGartner(Ruth&Chandrasekaran,2012):AmazonWeb Services, AT&T, Google, HP, IBM, Internap, Microsoft, Nirvanix, RackspaceandSoftlayer.Ofthese,allalsohadInfrastructureasa

ServiceofferingsexceptforMicrosoft(whoonlysupportsIaaSser- vicesbyprovidingsoftwaretoitsresellers)andGooglewhoseIaaS isstillinbetatestingatthetimeofwriting.

4.1.1. Infrastructuresecurity

Allofthecompanieswesurveyedprovideddetailedinforma- tion abouttheirsecurity controlsand processes aswell asthe compliancecertificationstheyhavereceivedsuchasPCIDSS,ISO 27001andSafeHarbor.Allofthecompaniesalsoprovideadditional securityservicesfortheirclientsasadd-onstothebasicservice.

Forafewofthelargertechcompaniesinthelist(HP,IBM)this includescustom-developedsecurityplatformsthataremadeavail- abletocustomers.Forexample,HPprovidesatechnicalwhitepaper (HP,n.d.)whichgivesanoverviewofitsTippingPointIPStechnol- ogywhichisprimarilyresponsibleforthesecurityofitsservers, networkhardwareand datacenters.In thepapertheyalsodis- cussaCloudArmoursolutionwhichisauser-configurableIPSand firewallforVMsrunningintheirenterpriselevelcloudoffering.

OtherproviderssuchasAmazon,AT&T,RackspaceandInternap justprovideadd-onservicessuchasmanagedfirewalls,intrusion detection/preventionoridentityandaccessmanagementasmodu- lar,independentsecurityservices.Yetanothermodelforproviding additionalsecurity serviceswastheuseof specialized partners toprovidethird-partysecurityasaservice.Softlayer,forexam- pleofferscustomersafree“PCICompliance”accountwithMcAfee Secure(aservicethatprovideswebsitemonitoringandsecurity certification).

Onlyonecompany(Amazon)supplementedthediscussionof theirownsecuritycertificationswithdetailedinformationabout howtheircustomers couldachieve standardscomplianceusing theirpubliccloudoffering.LikemostotherCSPs,theyofferapage describingtheirsecuritycontrolsandcertification;buttheygofur- therin detailingfrequently askedquestions bytheircustomers regardingPCIDSSandISO27001(AmazonWebServices,n.d.-a, n.d.-b).Theyalsooffertoprovidecustomerswithasetofdocu- mentstoassist theminobtainingtheirown certificationwhich includes: theattestationof PCI compliancefor AWS,high-level documentationsuchasthedescriptionofthein-scopeenviron- mentandmoredetaileddocumentationsuchasadetailedmatrix ofPCIDSScontrolsdescribingwhoisresponsibleforeach indi- vidualcontrol.Theyprovideageneralruleregardingthebalance betweenthesecurityresponsibilitiesofCSPandcustomerssay- ing,“fortheportionofthePCIcardholderenvironmentdeployed inAWS,your QSA(QualifiedSecurityAssessor)canrely onour validatedserviceproviderstatus,butyouwillstillberequiredto satisfyallotherPCIcomplianceandtestingrequirements,includ- inghowyoumanagethecardholderenvironmentthatyouhost withAWS”AmazonWebServices(b).AWSalsoassertsthatsev- eralcustomers have achievedPCI DSS certification, although it is not clearwhich parts of theirinfrastructure werehosted on AWS.

Also AWS offers some guidance regarding the ISO 27001 standard. However, perhaps because therequirements for that standard are more high-level, no compliance pack is made availablewhichdetailswheretheresponsibilityforcertaincon- trols lie.To illustrate this point, for example, PCI DSS requires thingssuchasthefollowing:buildingandmaintainingasecure network, protecting cardholder data, implement strong secu- rity measures and regular testing and monitoring of networks (PCI StandardsSecurityCouncil,2010).ISO 27001,ontheother hand,requiressystematicallyevaluatinginformationsecurityrisks, implementing information security controls and risk manage- ment and adopting an overarching management process for securitycontrols(InternationalOrganizationforStandardization (ISO)).

4.1.2. Datasecurity

CSPsupportforauditingdatasecurityiscurrentlyverylimited.

In fact, the only CSP supportingreal-time auditingof any sort appears tobe Amazonwith itsCloudWatch API(Amazon Web Services,n.d.)and,asdiscussedpreviouslyindetail(Park,Spetka, Rasheed,Ratazzi&Han,2012;Rasheed,2011),thisAPIonlyreally supportsauditingperformancestatisticsforvariousAWSofferings.

CloudAudit(Hoff,Johnston,Reese&Sapiro,2010),anindustry-wide efforttostandardizeonawaytopresentsecuritycompliancedoc- umentationseemstohavemadenofurtherprogressafteranRFC (requestforcomments)submittedtotheIETFin2010.Furthermore, evenbasicsupportfordatasecurityinsoftware,platformandstor- agelevelcloudofferingsisalsoverylimited.Theloneexception appearstobeAmazon’ssupportfor encryptionofdatathrough a JavaAPIfor itsS3 storage-as-a-serviceoffering.Thispartially resolvessomeconfidentiality issues,butonlyinthecasewhere thedataisnotregularlyupdated.

5. Relatedwork

In Zhou,Zhang, Xie, Qianand Zhou(2010),theauthors dis- cussthecloudsecurityissuesofavailability,confidentiality,data integrity,controlandauditinadditiontoprivacyissues.Thereisa significantdiscussionofhowvariousCSPsaremeetingthesecurity challengesofthevariousareas,especiallyfortheareasofavail- ability,confidentiality,dataintegrityandcontrol.Thediscussionof auditingchallengesismoregeneral.Theauthorsadvocateforaudit- ingtotakeplaceinasoftwarelayerwithinthevirtualoperating systemandthatsuchasystemshouldprovideminimal-overhead monitoringofeventsandlogs.

InSubashiniandKavitha(2011),asurveyispresentedofsecurity issuesarisinginserviceorientedarchitectures(andconsequently cloudcomputingplatformsbecauseoftheirrelianceonserviceori- entation).Theauthorsdividesecurityissuesbasedonthecloud servicelevelatwhichtheyoccur:SoftwareasaService,Platform asaServiceandInfrastructureasaService.Intotalfourteenbroad securityissuesareoutlinedforSoftwareasaServicecloudofferings including:datasecurity,networksecurity,dataintegrityanddata segregation.TheconcernslistedforPlatformasaServiceandInfra- structureasaServicearemoregeneral,however,andnospecific issuesaredetailed.Dataauditingisnotlistedasoneofthesecu- rityconcernsatanyservicelevelandthereisonlyabriefmention howcurrentcloudofferingsaddressthesecurityissueswhichare raised.

InChowetal.(2009)theauthorsprovideanoverviewofthe securityissuesintheareaofcloudcomputingbydividingthem intothreecategories:traditionalsecurityissuesthatarealsoprob- lematicincloudcomputing,availabilityissuesandissuesarising fromthirdpartydatacontrol.Amongthesixdatacontrolissues listedisthedifficultyofperformingaudits.Theyalsooutlinetwo researchdirectionswhichcouldbeusedtoalleviatesomeofthe datacontrolissuesandprovidevarioustypesofauditability.The firstisthenotionofatrustedmonitorresidingonthecloudserver whichcanaudittheserversactionsandprovideverifiableproofs ofcompliancetothedataowner.Thesecondisfordatatobeself- describing,self-protectingandcapableofcreatingasecurevirtual environmentfordataaccessconsistentwithanembeddedusage policy.

TheauthorsinChen,PaxsonandKatz(2010)performagen- eralanalysisofcloudcomputingsecurityissues,arguingthatmost ofthesecurityissuesrelatedtocloudcomputingwerefirstcon- frontedin themain-frame time-sharingcomputingerabutthat multi-partytrust andtheneedformutualauditabilityaresecu- rityissuesuniquetothecurrentformulationofcloudcomputing.

TheresearchpresentedbyKaufman(2009)examinessomeofthe

legalandregulatoryissuesoverwhetherthecustomerorthecloud serviceproviderisresponsibleformaintainingdatasecurityfor informationstoredinthecloud.InJansenandGrance(2011)the authorssurveythesecurityandprivacyissuesrelatedtocloudcom- putingandprovidessomeguidelinesfororganizationsconsidering utilizingcloudserviceofferings.

6. Conclusion

Despite itssignificantgrowth,there are still someobstacles tothemore widespread adoption ofcloud computingservices.

For many companies the most significant concern is security andspecificallythelackofauditability.Wehaveexaminedcloud computingauditingfromthreeperspectives:userauditingrequire- ments,technicalapproachesforsecurityauditingandcurrentcloud serviceprovidercapabilitiesformeetingauditrequirements.User auditing requirementswere further divided into infrastructure securityauditinganddatasecurityauditing.Many oftheinfra- structureauditingrequirementsaredrivenbytheneedtoachieve compliancewithanITsecuritystandard.Forthatreasonweprofiled theinfrastructureauditingrequirementsofthePCIDSSstandard version2.0(PCIStandardsSecurityCouncil,2010).Whilemostof therisksareeasytoovercomewiththeco-operationoftheCSPa fewsuchaspatchmanagementmaypresentchallengesdepending onuserrequirementsandproviderinfrastructureandconfigura- tion.Dataauditingissuesincludedconfidentiality,integrity,data remnance,dataprovenanceanddatalineage. Thereareanum- berofapplicableapproachesineachoftheseareaswhichcould serve the data auditing needs of cloud service users with the exceptionofdataremnancewhich appearstobeanopenissue withinpublic cloudofferings. While most of theleading cloud providershavebeguntoprovidesignificantdetailabouttheirown internalinfrastructuresecurityandcompliance,onlyonecarefully addressedquestionsregardinghowusersofpubliccloudofferings couldalsoachievestandards compliance.Unfortunately, among thecloudproviderssurveyedwedidnotfindanywithsolutions foruserdatasecurityauditing.However,becausethecloudser- vicesmarketisdrivenandshapedbycustomerdemands,ifsuch auditingfeaturesbecomeacriticalservicedifferentiatorforasuf- ficientnumberofcustomersthenCSPswilllikelybegintooffer them.

References

AmazonWebServices.(n.d.-a).AmazonCloudWatch.RetrievedFebruary2013, from:http://aws.amazon.com/cloudwatch/

AmazonWebServices.(n.d.-b).ISO27001Certification.RetrievedFebruary2013, from:https://aws.amazon.com/security/iso-27001-certification-faqs/

Amazon Web Services. (n.d.-c). PCI DSS Level 1 Compliance. Retrieved February 2013, from: https://aws.amazon.com/security/pci-dss-level-1- compliance-faqs/

Bose,R.,&Frew,J.(2005).Lineageretrievalforscientificdataprocessing:Asurvey.

ACMComputingSurveys,37(1),1–28.

Cao, N., Wang, C., Li, M., Ren, K., & Lou, W. (2011). Privacy-preserving multi-keyword ranked search over encrypted cloud data. In Proceedings IEEE INFOCOM 2011, 10–15 April 2011 (pp. 829–837). Shanghai, China:

IEEE.

Chen,Y.,Paxson,V., & Katz,R. H.(2010).Whats newabout cloudcomputing security? Technical Report UCBEECS-2010-5. Berkeley, CA, USA: Depart- ment of Electrical Engineering and Computer Sciences, University of CaliforniaatBerkeley. Retrievedfrom:http://www.eecs.berkeley.edu/Pubs/

TechRpts/2010/EECS-2010-5.html

Chow,R.,Golle,P.,Jakobsson,M.,Shi,E.,Staddon,J.,Masuoka,R.,etal.(2009).Con- trollingdatainthecloud:outsourcingcomputationwithoutoutsourcingcontrol.

InProceedingsofthe2009ACMworkshoponcloudcomputingsecurity(pp.85–90).

Chicago,IL:ACM.

diVimercati,S.D.C.,Foresti,S.,Jajodia,S.,Paraboschi,S.,&Samarati,P.(2007).

Adataoutsourcingarchitecturecombiningcryptographyandaccesscontrol.

InProceedingsofthe2007ACMworkshoponcomputersecurityarchitecture(pp.

63–69).Fairfax,VA,USA:ACM.

Groth,P.,Luck,M.,&Moreau,L.(2005).Aprotocolforrecordingprovenancein service-orientedgrids.InPrinciplesofdistributedsystems:8thInternationalcon- ference,OPODIS2004,15–17December,Grenoble,France(pp.124–129).Berlin, Heidelberg:Springer.

Hoff,C.,Johnston,S.,Reese,G.,&Sapiro,B.(2010).Cloudaudit1.0–automatedaudit, assertion,assessment,andassuranceapi(a6)(Internet-draft).Fremont,CA,USA:

IETFNetworkWorkingGroup.

HP.(n.d.).HPcloudsystem:Integratingsecuritywithhptippingpoint(techni- calwhitepaper).PaloAlto,CA,USA:Author.RetrievedFebruary2013,from:

http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA4-4247ENW.pdf

IBM.(n.d.). IBM infrastructureasa service (IaaS): Details: Security. Armonk, NY,USA:Author.RetrievedFebruary2013from:http://www-935.ibm.com/

services/us/en/cloud-enterprise/tab-details-security.html

InternationalOrganizationforStandardization(ISO).(n.d.).Internationalorganiza- tionforstandardization.RetrievedJune2011,from:http://www.iso.org/

Jansen, W., & Grance, T. (2011). Guidelines on security and privacy in public cloud computing: Special Report 800-144. Gaithersburg, MD:

National Institutes of Standards and Technology (NIST). Retrieved from:

http://www.nist.gov/manuscript-publication-search.cfm?pubid=909494 Karvelas,N.P.(2013).Proofsofsecureerasure.Athens,Greece:Mastersthesis,Uni-

versityofAthens.

Kaufman,L.M.(2009).Datasecurityintheworldofcloudcomputing.IEEESecurity andPrivacy,7,61–64.

Li,J.,Wang,Q.,Wang,C.,Cao,N.,Ren,K.,&Lou,W.(2010).Fuzzykeywordsearchover encrypteddataincloudcomputing.InProceedingsIEEEINFOCOM,2010,14–19 March2010(pp.1–5).SanDiego,CA,USA:IEEE.

Mather,T.,Kumaraswamy,S.,&Latif,S.(2009).Cloudsecurityandprivacy:Anenter- priseperspectiveonrisksandcompliance.O’ReillyMedia,Inc.

Park,J.S.,Spetka,E.,Rasheed,H.,Ratazzi,P.,&Han,K.J.(2012).Near-real-time cloudauditingforrapidresponse.InAdvancedinformationnetworkingandappli- cationsworkshops(WAINA),26thinternationalconferenceon26–29March2012 (pp.1252–1257).Fukuoka,Japan:IEEE.

PCI Security Standards Council. (2010). Payment card industry (pci) data security standard – requirements and security assessment pro- cedures version 2. 0. Wakefield, MA, USA: Author. Retrieved from:

https://www.pcisecuritystandards.org/documents/pci dssv2.pdf

Perito,D.,&Tsudik,G.(2010).Securecodeupdateforembeddeddevicesviaproofs ofsecureerasure.InD.Gritzalis,B.Preneel,&M.Theoharidou(Eds.),ESORICS 2010proceedingsofthe15thEuropeanconferenceonresearchincomputersecurity 2010,Athens,Greece(pp.643–662).Berlin,Heidelberg:Springer.

Prafullchandra,H.,Owens,K.,Richter,C.,McAndrew,T.,Overbeek,D.,Chaubal, C., et al. (2011). PCI-compliant cloud reference architecture. HyTrust, Savvis, Coalfire Systems. VMWare and Cisco Systems. Retrieved from:

http://www.hytrust.com/downloads/ht wppcidssrefarch.pdf

Rasheed,H.(2011).Auditingforstandardscomplianceinthecloud:Challengesand directions.InProceedingsofthe2011internationalArabconferenceoninformation technology(ACIT2011),10–13December.Riyadh,SaudiArabia:ACIT.

Ruth,G.,&Chandrasekaran,A.(2012).Criticalcapabilitiesforpubliccloudstorage services.Stamford,CT:Gartner,Inc.Retrievedfrom:http://www.gartner.com/

technology/reprints.do?id=1-1D9C6ZM&ct=121216&st=sg

Simmhan,Y.L.,Plale,B.,&Gannon,D.(2005).Asurveyofdataprovenanceine- science.SIGMODRecord,34(3),31–36.

Subashini,S.,&Kavitha,V.(2011).Asurveyonsecurityissuesinservicedelivery modelsofcloudcomputing.JournalofNetworkandComputerApplications,34(1), 1–11.

The European Network and Information Security Agency (ENISA). (2009).

Cloudcomputing: Benefits,risks andrecommendationsfor information secu- rity. Heraklion, Greece: Author. Retrieved from: http://www.enisa.europa.

eu/act/rm/files/deliverables/cloud-computing-risk-assessment/atdownload/

fullReport

Wang,C.,Cao,N.,Li,J.,Ren,K.,&Lou,W.(2010).Securerankedkeywordsearchover encryptedclouddata.InDistributedcomputingsystems(ICDCS),2010IEEE30th internationalconferenceonJune2010(pp.253–262).IEEE.

Wang,C.,Chow,S.S.,Wang,Q.,Ren,K.,&Lou,W.(2011).Privacy-preservingpublic auditingforsecurecloudstorage.IEEETransactionsonComputers.

Wang,Q.,Wang,C.,Ren,K.,Lou,W.,&Li,J.(2011).Enablingpublicverifiability anddatadynamicsforstoragesecurityincloudcomputing.IEEETransactionson ParallelandDistributedSystems,22(5),847–859.

Zhou,M.,Zhang,R.,Xie,W.,Qian,W.,&Zhou,A.(2010).Securityandprivacyin cloudcomputing:Asurvey.InSemanticsknowledgeandgrid(SKG),2010sixth internationalconferenceon1–3November2010(pp.105–112).Beijing,China:

IEEE.

Zhu,Y.,Wang,H.,Hu,Z.,Ahn,G.J.,Hu,H.,Stephen,S.,etal.(2011).Dynamicaudit servicesforintegrityverificationofoutsourcedstoragesinclouds.InProceedings ofthe2011ACMsymposiumonappliedcomputing,SAC’11(pp.1550–1557).New York,NY,USA:ACM.

HassanRasheed,receivedhisPh.D.inComputerEngineeringfromtheUniversity ofFloridain2009.HeiscurrentlyanAssistantProfessoratTaifUniversityinTaif, SaudiArabia.HispreviousacademicandindustrialaffiliationsincludetheAirForce ResearchLab,MorganStateUniversityandtheUniversityofFlorida.Hisresearch interestsincludeinformationandnetworksecurity,businessintelligenceandtext analytics.