IEEE TRANSACTIONS ON CLOUD COMPUTING, TCC-2015-10-0378

Postprint Version. It may differ from the final published version.


Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing

Sebastian Lins, Stephan Schneider, and Ali Sunyaev

APPENDIXES

Appendix A – Literature Review

In previous work, Lins et al. (2015) performed a comprehensive literature review to identify (semi-)automated monitoring and auditing methods that are applicable in the context of cloud computing [1]. Their study yields a set of 22 (semi-)automated methods for continuous monitoring and auditing in six clusters. We build on their findings and extend their literature review by broadening their search string and performing a backward and forward analysis. Based on experience gained in our previous work, we extend the initial search string to include research articles in the field of computer-assisted and computer-aided auditing techniques and tools. Following Lins et al. (2015), we performed a scientific database search in the following databases, which cover a wide range of journals and conferences (i.e., they cover the top computer science and information systems journals and conferences): AIS Electronic Library, ACM Digital Library, EBSCOhost, Emerald Insight, IEEE Xplore, ProQuest, and ScienceDirect. Each database was searched with an adjusted search string in title and keywords:

(certif* OR audit* OR monitor* OR assur*) AND (continuous* OR permanent* OR dynamic* OR automat* OR realtime OR computerized OR (machine AND readable) OR (computer AND (assisted OR aided)))

To assure transferability to the cloud computing context, the search was limited to sources published after 1980, because the concept of TCP/IP was introduced in 1981 [2]. Furthermore, screening of randomly sampled articles that matched the keywords but were published before 1980 did not yield relevant articles. The search was limited to peer-reviewed articles where possible. Because of this broad search string, 10,142 articles were identified in the initial search. To identify possibly relevant publications, each article was assessed by analyzing title, abstract, and keywords. If any indication of relevance appeared, the article was marked for further processing. A large number of publications from, for example, medical (e.g., glucose and heart rate monitoring), environmental (e.g., water and vegetation monitoring), sensor network (e.g., energy certification of wireless sensor networks), speech recognition (e.g., continuous speech analysis), and power supply contexts (e.g., power monitoring) were identified through the broad initial search and were then excluded, leaving a set of 176 possibly relevant articles.

Afterwards, the relevance of the remaining 176 articles was validated in detail. Research was excluded that does not propose continuous auditing (CA) methodologies (52), is not applicable to cloud computing (13), or is off-topic (56). Moreover, duplicates (6) and non-research articles (5) were excluded. This relevance assessment led to a set of 44 relevant articles, which also covers all articles cited by Lins et al. (2015). Furthermore, a backward and forward analysis [3] of the set of relevant articles was performed using Google Scholar. The backward search resulted in 1941 articles and the forward search yielded 2536 articles. Again, a relevance validation was made, which led to 12 additional relevant articles. Hence, 66 relevant articles were included in the final set, a major increase in considered studies compared to Lins et al. (2015), who reviewed only 28 articles [1]. In contrast to Lins et al. (2015), we made a clear distinction between continuous monitoring and CA methodologies. Subsequently, we extracted 18 CA methodologies in total by reading and analyzing each relevant publication. Through this extended literature review we were able to identify new methodologies in the context of computer-assisted auditing technologies and tools, the concept of interceptors and mining techniques for CA purposes, additional log and backup analysis techniques, and CA methodologies for shared data integrity validation. More importantly, and in contrast to our previous work, we thoroughly analyzed the identified auditing architectures. Moreover, the research by Lins et al. (2015) lacks an evaluation of the practical applicability in the context of cloud service auditing. Therefore, we conducted three semi-structured one-on-one interviews with two security analysts and one certification consultant from CloudAuditor (see Section 3.1). These interviews lasted about 80 minutes on average, and 4 hours in total.


Appendix B – Criteria Delineation

Existing cloud service certifications (CSC) represent only a retrospective look at the fulfillment of technical and organizational measures at the time of their issuing. CSC criteria may no longer be met throughout a certification's validity period. Several drawbacks have to be faced when assuring ongoing certification adherence (see Section 4). Reflecting these drawbacks, we propose a checklist (see Table 2) which supports evaluating whether or not a CSC criterion requires high-frequency auditing after the initial certification process.

TABLE 2
CSC CRITERIA ASSESSMENT CHECKLIST

| Attribute | Question | Corresponding Drawbacks |
|---|---|---|
| Regularity | Does the criterion imply actions which have to be performed on a regular basis (e.g., monthly review of firewall rules)? | Deliberate discontinuance |
| Internal Changes | Is the criterion affected by internal changes (e.g., cloud configuration changes or aging of components)? | Ongoing architectural changes |
| External Changes | Is the criterion affected by external changes (e.g., new customers or supplier changes)? | Environmental threats; Changes in legal and regulatory landscape |
| Critical Cloud Characteristic | Does the criterion require that critical cloud characteristics (e.g., availability, integrity, or scalability) are assured? | Inherent cloud computing characteristics |
| Critical Security Criterion | Does the criterion necessitate managing critical security measures and issues (e.g., performing a security check when integrating new cloud components, or vulnerability scans)? | Inherent cloud computing characteristics |
| Benefits due to Discontinuity | Can the cloud provider benefit (e.g., cost reductions) from discontinuing adherence to the criterion? | Deliberate discontinuance |
| Transparency | Does the criterion require cloud service providers to notify cloud customers or third parties on emerged events or performed actions (e.g., informing about security incidents or providing information about updating business continuity plans)? | Ongoing architectural changes; Deliberate discontinuance |

This checklist consists of attributes, questions, and corresponding drawbacks. The questions support the evaluation of whether or not a criterion needs high-frequency auditing. If one or more questions can be affirmed, the corresponding attributes are assigned to the criterion. Once an attribute is assigned, the criterion can be marked as a candidate for CA. A higher number of assigned attributes indicates a higher need for being continuously audited. Exemplary criteria classifications are presented in the following (see Table 3).

One criterion states that source code reviews should be performed regularly to identify possible vulnerabilities and security issues when developing software. Since this criterion implies actions which have to be performed on a regular basis, the 'Regularity' checklist attribute was assigned, and the criterion was marked as a candidate for CA. Another criterion requires that a service desk has appropriate capabilities to cope with the current number of cloud customers. Hence, the service desk would have to be enlarged in case of a major growth in cloud customers (assigned attribute 'External Changes'). However, a cloud service provider might neglect this enlargement to achieve cost savings (assigned attribute 'Benefits due to Discontinuity'). Furthermore, one of the assessed criteria requires providers to implement secure and reliable multi-tenancy capabilities. Since multi-tenancy is a critical cloud characteristic, and multi-tenancy security vulnerabilities might have major effects on cloud services, both attributes 'Critical Cloud Characteristic' and 'Critical Security Criterion' were assigned. One criterion demands that providers test software changes in test environments to assure that security requirements are fulfilled and potential flaws are detected beforehand; thus the attribute 'Internal Changes' was assigned, among others. As a last example, one criterion demands that cloud customers are informed about major security incidents. This criterion has to be continuously audited to assure ongoing notification. Hence, the attribute 'Transparency' was assigned.

TABLE 3
EXEMPLARY CA CRITERIA

| Attribute | Criteria |
|---|---|
| Regularity | Source code reviews should be performed regularly to identify possible vulnerabilities and security issues when developing software. |
| Internal Changes | Software changes have to be thoroughly tested in testing environments before they can be deployed on production systems. |
| External Changes | Processes have to be established and performed which detect legal and regulatory requirement changes. |
| Critical Cloud Characteristic | Providers have to implement secure and reliable multi-tenancy capabilities. |
| Critical Security Crit. | Data integrity has to be assured during storage and transmission of data. |
| Benefits due to Discontinuity | A service desk has to have appropriate capabilities to cope with the current number of cloud customers. |
| Transparency | Cloud customers have to be informed about major security incidents immediately. |

LINS ET AL.: TRUST IS GOOD, CONTROL IS BETTER: CREATING SECURE CLOUDS BY CONTINUOUS AUDITING

Fig. 4 presents the distribution of assigned checklist attributes in our sample criteria, and shows that the attributes 'Regularity' and 'Critical Security Criterion' were assigned most often.

Fig. 4. Distribution of assigned checklist attributes in sampled CSC criteria. (For each criterion, multiple attributes can be assigned.) [Bar chart; counts as read from the chart: Regularity 49; Internal Changes 12; External Changes 10; Critical Cloud Characteristic 10; Critical Security Criterion 31; Benefits due to Discontinuity 25; Transparency 9.]

Appendix C – Auditing Frequencies

During the workshops with practitioners, an auditing frequency was proposed for each assessed criterion, based on their experience from conducting cloud service audits and their technical knowledge. The required auditing frequency is influenced by several factors. First, it depends on the cloud service type: a highly dynamic service requires a higher frequency than a static one. For instance, a service with a fairly consistent number of customers and a stable function portfolio is less affected by external and internal changes, so a higher frequency might not be needed. Second, the auditee's operations and processes influence the frequency. A service provider might, for example, review its firewall guidelines on a semi-annual basis; an auditor then has to align the auditing frequency with these review processes. Finally, the economic feasibility of CA has to be evaluated. In conclusion, the frequency of CA has to be adjusted individually based on the auditee's context. In addition, emerging external or internal events might trigger further audits as well. Such external events comprise, for instance, announced software and hardware vulnerabilities (e.g., the Heartbleed vulnerability), and might require auditors to verify certification requirements that were not initially specified as CA candidates. Internal events might comprise major security incidents, major architectural changes, or adjusted service level agreements, among others. Fig. 5 shows the number of criteria for each frequency. In addition, it shows that for some criteria a period of time (i.e., monthly to quarterly) was determined as the frequency. Fig. 6 presents the proposed frequencies for each criteria category (see Section 4), and shows that frequencies vary greatly across different certification criteria.

Fig. 5. Number of criteria for each auditing frequency. [Bar chart; the bar values could not be reliably matched to their frequency labels in the extracted text.]

Fig. 6. Number of auditing frequencies for each criteria category. [Bar chart. Criteria categories: Cloud Architecture; Security Architecture & Mngmt.; Monitoring; Incident Response Mngmt.; IT Service Continuity Mngmt.; Internal Audit Mngmt.; Development Processes; Compliance Mngmt.; Change Mngmt.; Risk Mngmt.; Administration; Service Level Mngmt.; Employee Mngmt. Frequency legend: weekly - monthly; monthly; monthly - quarterly; monthly - semi-annually; quarterly; quarterly - semi-annually; semi-annually; semi-annually - annually; annually; event. The count axis runs from 0 to 10.]

Appendix D – Continuous Auditing Methodologies

Table 4 provides an overview of the identified methodologies as well as the corresponding sources.

TABLE 4
CONTINUOUS AUDITING METHODOLOGIES

| Method name | Description | Appendix Reference |
|---|---|---|
| Computer-Assisted Auditing Technologies and Tools | | |
| Generalized Audit Software | Computer-assisted auditing tools can be used by an auditor as part of their audit procedures to connect to an auditee's information system, and automatically extract, sample and analyze necessary data to improve audit efficiency. | [4–12] |
| Penetration Testing and Vulnerability Scanning | Using tools to perform penetration tests to validate adequate security mechanisms, and to identify system vulnerabilities. | [13, 14] |
| Formal Languages | By using formal languages, for example XML or XBRL, exchanging data between an auditee and an auditor can be improved, and automated checks can be performed. | [15–18] |
| Evidence Gathering Mechanisms | | |
| Embedded Audit Module (EAM) | EAMs are special purpose code objects (e.g., programs) that are embedded into the auditees' information systems and supervise all of the audit-related data in real-time. | [4, 10, 19–27] |
| Interceptor | Interceptors can be applied as a wrapper to monitor data flowing into and out of information systems. | [25, 28–32] |
| Digital Agent | Digital agents are intelligent and mobile software objects that achieve individual goals by autonomously performing actions that are traditionally undertaken by human auditors. | [4, 33–39] |
| Mining Techniques | Data, text and process mining techniques aim to systematically analyze data stored internally or externally to gain insights, e.g., into cloud service operation. | [24, 40, 41] |
| Auditing System Architectures | | |
| Audit Data Mart | Audit data marts are small, mostly auditee-independent data repositories in which relevant data is automatically stored. | [4, 23, 38, 42–44] |
| Monitoring and Control Layer | The monitoring and control layer forms an overlay on top of a set of existing systems to gather and analyze data from integrated applications. | [19, 45–47] |
| Agent-based Architectures | Digital agents are initiated and dispatched to different auditee systems to perform individual auditing operations. | [4, 38, 39, 48, 49] |
| Auditing Web Services | Auditing functions can be represented as a web service that resides within the auditor's environment, and can be invoked to audit an auditee's system. | [15, 17, 37, 39, 50, 51] |
| Decision Support System (DSS) | DSS can expedite decision-making processes and decrease efforts by aggregating data from different information sources, and by incorporating analysis technologies. | [24] |
| Log Inspection | | |
| Abstract Execution | Using abstract execution logs to monitor the execution of applications with limited log format requirements. | [52] |
| Unstructured Logs Analysis | Automatically analyzing unstructured logs by using data mining techniques to detect system anomalies. | [53] |
| Privacy Protection | A posteriori log analysis to verify compliance with defined privacy policies. | [54, 55] |
| Data Integrity Validation | | |
| Auditing of Data Integrity | A variety of methods are proposed to enable third parties to validate the integrity of multiple users' data stored in a cloud. | [56–70] |
| Auditing of Shared Data Integrity | Contexts in which cloud users are sharing data as a group require adjusted integrity checks due to dynamic group settings. Private group keys can be used as additional file signatures and as an indicator for data integrity. | [71–74] |
| Validating Backup Integrity | To perform automatic backup integrity checks, a backup file can be encoded into code chunks, which are distributed over and stored in a number of servers. | [75] |
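The 'Data Integrity Validation' cluster of Table 4 describes third parties checking data that is kept at a provider, and backups that are split into chunks spread over several servers. As an added example that is not from the paper or from any of the cited works, the following Python script shows a simplified audit loop in that spirit: the owner splits a constructed backup into chunks distributed round-robin over storage nodes and hands the auditor precomputed single-use keyed-hash challenge tokens; the auditor then spot-checks nodes in repeated rounds without ever holding the data, and a node that lost its chunks and replays an old proof is detected because every token carries a fresh nonce. The chunk size, token count and node set-up are assumptions of the example, and the schemes in the cited papers use homomorphic authenticators rather than precomputed tokens.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

CHUNK_SIZE = 64        # bytes per chunk; small so the constructed sample yields several chunks
TOKENS_PER_CHUNK = 3   # single-use challenges precomputed per chunk at enrollment (assumption)

def split_chunks(data: bytes, size: int = CHUNK_SIZE) -> List[bytes]:
    """Cut a backup into fixed-size chunks; the last one may be shorter."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def proof(nonce: bytes, chunk: bytes) -> bytes:
    """Keyed hash a node computes to show it holds the chunk; the nonce is the key."""
    return hmac.new(nonce, chunk, hashlib.sha256).digest()

class StorageNode:
    """One storage server holding a subset of the chunks."""

    def __init__(self) -> None:
        self.chunks: Dict[int, bytes] = {}

    def store(self, index: int, chunk: bytes) -> None:
        self.chunks[index] = chunk

    def respond(self, index: int, nonce: bytes) -> Optional[bytes]:
        chunk = self.chunks.get(index)
        return None if chunk is None else proof(nonce, chunk)

class ReplayingNode(StorageNode):
    """Faulty node: once its chunks are gone it replays the last proof it sent."""

    def __init__(self) -> None:
        super().__init__()
        self.last: Dict[int, bytes] = {}

    def respond(self, index: int, nonce: bytes) -> Optional[bytes]:
        if index in self.chunks:
            self.last[index] = proof(nonce, self.chunks[index])
            return self.last[index]
        return self.last.get(index)  # stale proof computed for an old nonce

class Auditor:
    """Third party that keeps challenge tokens only, never the backup itself."""

    def __init__(self) -> None:
        self.tokens: Dict[int, List[Tuple[bytes, bytes]]] = {}
        self.location: Dict[int, StorageNode] = {}

    def enroll(self, data: bytes, nodes: List[StorageNode]) -> int:
        """Place chunks round-robin on the nodes and precompute tokens per chunk."""
        chunks = split_chunks(data)
        for i, chunk in enumerate(chunks):
            node = nodes[i % len(nodes)]
            node.store(i, chunk)
            self.location[i] = node
            self.tokens[i] = []
            for _ in range(TOKENS_PER_CHUNK):
                nonce = secrets.token_bytes(16)
                self.tokens[i].append((nonce, proof(nonce, chunk)))
        return len(chunks)

    def challenge(self, index: int) -> str:
        """Spend one token on chunk `index`: 'ok', 'FAIL' or 'exhausted'."""
        if not self.tokens[index]:
            return "exhausted"  # the owner must re-enroll to refresh the tokens
        nonce, expected = self.tokens[index].pop()
        got = self.location[index].respond(index, nonce)
        if got is not None and hmac.compare_digest(got, expected):
            return "ok"
        return "FAIL"

    def audit_round(self, indices: List[int]) -> Dict[int, str]:
        """One audit round over a sample of chunk indices."""
        return {i: self.challenge(i) for i in indices}

def demo() -> Tuple[Dict[int, str], Dict[int, str], Dict[int, str]]:
    """Audit a constructed backup before and after one node loses its data."""
    backup = b"constructed backup payload " * 12  # 324 bytes -> 6 chunks
    bad = ReplayingNode()
    auditor = Auditor()
    n = auditor.enroll(backup, [StorageNode(), StorageNode(), bad])
    before = auditor.audit_round(list(range(n)))  # every chunk answers correctly
    bad.chunks.clear()                            # the node loses its data
    after = auditor.audit_round(list(range(n)))   # chunks 2 and 5 sit on the bad node: replays fail
    later = auditor.audit_round(list(range(n)))   # still detected on the next round
    return before, after, later

if __name__ == "__main__":
    print(demo())
```

Because each token is consumed once, the number of rounds an auditor can run before re-enrollment is bounded by TOKENS_PER_CHUNK; in practice a real audit round would sample a random subset of indices rather than every chunk.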


Appendix E – Exemplary Interview Questions

This section provides an exemplary overview of (translated) questions asked during interviews with practitioners.

Assessing Continuous Auditing Methodologies

A. Current auditing practices
i. How do you currently perform annual audits?
ii. Do you currently use any computer-aided auditing tools or techniques?
iii. Which cloud service documentation and data do you currently receive and analyze?

B. Applicability of CA methodologies
i. How can audit-related data be continuously gathered?
ii. Do you think the provider is willing to integrate external auditing components?
iii. If the provider provisions comprehensive log data, would you analyze these logs to verify certification adherence?
iv. Which existing auditing process might or should be automated?
v. Do you think method x (see Appendix D) can be used in the context of continuous cloud service auditing? Why / why not?

Focus Group Interviews

A. Use cases of CA
i. Why should you change from traditional auditing to CA?
ii. Are there additional stakeholders in the context of CA, compared to traditional certification contexts?
iii. How could these stakeholders jointly participate in a CA process?
iv. Describe exemplary situations in which your company can take part in CA.

B. Auditing scope
i. Which characteristics of a cloud service are important for you, and should be continuously audited?
ii. What are the upper and lower boundaries of the auditing frequency?

C. Architectural concepts
i. Which components and processes are required to perform external CA?
ii. Which tasks require specific attention in a CA context? Which additional tasks might exist?
iii. How can audit-related data be gathered and exchanged between parties?
iv. Which existing auditing process can be automated, and how?
v. How can CA be integrated into an organizational structure?

D. Risks and limitations
i. Which risks and challenges does the integration of external monitoring services or third-party services, or the provision of audit-relevant data, bear?

Customer Interviews

A. Criteria & auditing frequency
i. Which characteristics of a cloud service are important for you, and should be continuously audited?
ii. How often should these criteria be checked for adherence?

B. Customer integration
i. How would you, as a customer, like to be involved in the processes of CA?
ii. Should the process of CA be customizable for you (e.g., defining thresholds)?
iii. Which requirements do you have concerning privacy and security of your data during CA processes?
iv. Which additional service features would you like to have in the context of CA?

C. Information transfer to the customer
i. Which information should be continuously delivered to you?
ii. Through which channels (e.g., e-mail) would you like to receive auditing information?
iii. On which events would you like to be notified?
iv. When do you think a certification is void?


APPENDIXES REFERENCES

[1] S. Lins, S. Thiebes, S. Schneider, and A. Sunyaev, "What is Really Going on at Your Cloud Service Provider?", in Proc. HICSS, 2015, pp. 1–10.
[2] J. Postel, "RFC 791 - Internet Protocol", 1981.
[3] J. Webster and R. T. Watson, "Analyzing the Past to Prepare for the Future", MISQ, vol. 26, no. 2, pp. xiii, 2002.
[4] C. L.-y. Chou, T. Du, and V. S. Lai, "Continuous auditing with a multi-agent system", Decis Support Syst, vol. 42, no. 4, 2007.
[5] A. Ahmi and S. Kent, "The utilisation of generalized audit software by external auditors", Managerial Auditing Journal, vol. 28, no. 2, pp. 88–113, 2012.
[6] I. Lungu and T. Vătuiu, "Computer assisted audit techniques", Annals of the University of Petrosani Economics, vol. 7, 2007.
[7] T. Singleton and D. L. Flesher, "A 25-year retrospective on the IIA's SAC projects", Managerial Auditing Journal, vol. 18, no. 1, pp. 39–53, 2003.
[8] N. Mahzan and A. Lymer, "Examining the adoption of computer-assisted audit tools and techniques", Managerial Auditing Journal, vol. 29, no. 4, pp. 327–349, 2014.
[9] I. Pedrosa and C. J. Costa, "New trends on CAATTs", in Proc. ISDOC, Lisboa, Portugal, 2014, pp. 138–142.
[10] R. L. Braun and H. E. Davis, "Computer-assisted audit tools and techniques: analysis and perspectives", Managerial Auditing Journal, vol. 18, no. 9, pp. 725–731, 2003.
[11] ACL Services Ltd, ACL Solutions. Available: www.acl.com (2015, Jul. 17).
[12] CaseWare IDEA Inc, "Continuous Auditing", 2008.
[13] Qualys Inc, Qualys. Available: www.qualys.com (2014, Oct. 20).
[14] Tenable Network Security, Nessus. Available: nessus.org (2015, Jul. 17).
[15] J. Gao, "Technical framework model of continuous online assurance", in Proc. ICEE, Guangzhou, China, 2010, pp. 2141–2144.
[16] J. E. Boritz and W. G. No, "Security in XML-based financial reporting services on the Internet", J Account Public Pol, vol. 24, no. 1, pp. 11–35, 2005.
[17] U. S. Murthy and S. M. Groomer, "A continuous auditing web services model for XML-based accounting systems", International Journal of Accounting Information Systems, vol. 5, no. 2, 2004.
[18] G. Koschorreck, "Automated audit of compliance and security controls", in Proc. IMF, Stuttgart, Germany, 2011, pp. 137–148.
[19] M. Alles, G. Brennan, A. Kogan, and M. A. Vasarhelyi, "Continuous monitoring of business process controls", International Journal of Accounting Information Systems, vol. 7, no. 2, 2006.
[20] Y. Chen, "Continuous auditing using a strategic-systems approach", Internal Auditing, vol. 19, no. 3, pp. 31–36, 2004.
[21] B. Schroeder, "On-line monitoring", Computer, vol. 28, no. 6, 1995.
[22] S. M. Groomer and U. S. Murthy, "Continuous auditing of database applications", Inf. Syst. J, vol. 3, no. 2, p. 53, 1989.
[23] Z. Rezaee, A. Sharbatoghlie, R. Elam, and P. L. McMickle, "Continuous auditing", Auditing, vol. 21, no. 1, pp. 147–163, 2002.
[24] J. E. Hunton and J. M. Rose, "21st Century Auditing", Accounting Horizons, vol. 24, no. 2, pp. 297–312, 2010.
[25] C.-C. Lin, F. Lin, and D. Liang, "An analysis of using state of the art technologies to implement real-time continuous assurance", in Proc. SERVICES, Miami, FL, USA, 2010, pp. 415–422.
[26] C. Ardagna, E. Damiani, R. Jhawar, and V. Piuri, "A model-based approach to reliability certification of services", in Proc. DEST, Italy, 2012.
[27] D. R. Hermanson, B. Moran, C. Rossie, and D. Wolfe, "Continuous monitoring of transactions to reduce fraud, misuse, and errors", in Journal of Forensic Accounting: Auditing, Fraud & Taxation, R. T. Edwards, Ed., 2006, pp. 17–30.
[28] C.-L. Fang, D. Liang, F. Lin, C.-C. Lin, and W.-C. Chu, "A portable interceptor mechanism on SOAP for continuous audit", in Proc. APSEC, Bangalore, India, 2006, pp. 95–104.
[29] D. Żmuda, M. Psiuk, and K. Zieliński, "Dynamic monitoring framework for the SOA execution environment", Proc. CSER, pp. 125–133, 2010.
[30] Microsoft, Hooks Overview. Available: msdn.microsoft.com/en-us/library/windows/desktop/ms644959%28v=vs.85%29.aspx (2015, Jul. 17).
[31] The Apache Software Foundation, Package org.apache.axis.handlers. Available: axis.apache.org/axis/java/apiDocs/org/apache/axis/handlers/package-summary.html (2015, Jul. 17).
[32] PortSwigger Web Security, Burp Suite. Available: portswigger.net/burp (2015, Jul. 17).
[33] T. C. Du, E. Y. Li, and E. Wei, "Mobile agents for a brokering service in the electronic marketplace", Decis Support Syst, vol. 39, no. 3, pp. 371–383, 2005.
[34] A. Fuggetta, G. Picco, and G. Vigna, "Understanding code mobility", IEEE Trans Software Eng, vol. 24, no. 5, pp. 342–361, 1998.
[35] J. M. Shaikh, "E-commerce impact", Managerial Auditing Journal, vol. 20, no. 4, pp. 408–421, 2005.
[36] J. Woodroof and D. Searcy, "Continuous audit implications of internet technology", in Proc. HICSS, Outrigger Wailea Resort, Island of Maui, 2001, pp. 1–8.
[37] F. Doelitzscher, C. Fischer, D. Moskal, C. Reich, M. Knahl, and N. Clarke, "Validating cloud infrastructure changes by cloud audits", in Proc. SERVICES, Honolulu, HI, USA, 2012.
[38] H. Ye, J. Yang, and Y. Gan, "Research on continuous auditing based on multi-agent and web services", in Proc. ICMeCG, Beijing, China, 2012, pp. 220–225.
[39] F. Doelitzscher, C. Reich, M. Knahl, A. Passfall, and N. Clarke, "An agent based business aware incident detection system for cloud environments", JoCCASA, vol. 1, no. 1, p. 9, 2012.
[40] C.-T. Kuo, H.-M. Ruan, C.-L. Lei, and S.-J. Chen, "A mechanism on risk analysis of information security with dynamic assessment", in Proc. INCoS, Fukuoka, Japan, 2011, pp. 643–646.
[41] M. Jans, M. Alles, and M. Vasarhelyi, "The case for process mining in auditing", Methodologies in AIS Research, vol. 14, no. 1, pp. 1–20, 2013.
[42] K. Singh, P. J. Best, M. Bojilov, and C. Blunt, "Continuous auditing and continuous monitoring in ERP environments", Inf. Syst. J, vol. 28, no. 1, pp. 287–310, 2013.
[43] J. S. David and P. J. Steinbart, "Drowning in data", Strategic Finance, vol. 81, no. 6, pp. 30–36, 1999.
[44] R. Baksa and M. Turoff, "Continuous auditing as a foundation for real time decision support", in Supporting Real Time Decision-Making, F. Burstein, P. Brézillon, and A. Zaslavsky, Eds., Springer US, 2011, pp. 237–252.
[45] J. R. Kuhn Jr. and S. G. Sutton, "Continuous auditing in ERP system environments", Inf. Syst. J, vol. 24, no. 1, pp. 91–112, 2010.
[46] M. A. Vasarhelyi, M. G. Alles, A. Kogan, and D. O'Leary, "Principles of analytic monitoring for continuous assurance", Journal of Emerging Technologies in Accounting, vol. 1, pp. 1–21, 2004.
[47] J. L. Perols and U. S. Murthy, "Information fusion in continuous assurance", Inf. Syst. J, vol. 26, no. 2, pp. 35–52, 2012.
[48] C.-H. Wu, Y. E. Shao, B.-Y. Ho, and T.-Y. Chang, "On an agent-based architecture for collaborative continuous auditing", in Proc. CSCWD, Xi'an, China, 2008, pp. 355–360.
[49] J. Zhang and C. Wan, "Securing continuous auditing in wireless network", in Proc. ICEE, Shanghai, China, 2011, pp. 1–4.
[50] C.-H. Yeh, T.-P. Chang, and W.-C. Shen, "Developing continuous audit and integrating information technology in e-business", in Proc. APSCC, Yilan, Taiwan, 2008, pp. 1013–1018.
[51] F. Doelitzscher, C. Reich, M. Knahl, and N. Clarke, "Understanding cloud audits", in Privacy and Security for Cloud Computing, S. Pearson and G. Yee, Eds., Springer London, 2013, pp. 125–163.
[52] Z. M. Jiang, A. Hassan, P. Flora, and G. Hamann, "Abstracting execution logs to execution events for enterprise applications", in Proc. QSIC, Oxford, England, 2008, pp. 181–186.
[53] Q. Fu, J.-G. Lou, Y. Wang, and J. Li, "Execution anomaly detection in distributed systems through unstructured log analysis", in Proc. ICDM, Miami, Florida, USA, 2009, pp. 149–158.
[54] R. Accorsi, "Automated privacy audits to complement the notion of control for identity management", 2007.
[55] R. Accorsi and T. Stocker, "Automated privacy audits based on pruning of log data", in Proc. EDOC, Munich, Germany, 2008.
[56] C. Liu, J. Chen, L. Yang, X. Zhang, C. Yang, R. Ranjan, and K. Ramamohanarao, "Authorized public auditing of dynamic big data storage on cloud with efficient verifiable fine-grained updates", IEEE Trans. Parallel Distrib. Syst, vol. 25, no. 9, 2013.
[57] C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-Preserving public auditing for secure cloud storage", IEEE Trans. Cloud Comput, vol. 62, no. 2, pp. 362–375, 2013.
[58] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing", IEEE Trans. Parallel Distrib. Syst, vol. 22, no. 5, pp. 847–859, 2011.
[59] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing", IEEE Trans. Parallel Distrib. Syst, vol. 24, no. 9, pp. 1717–1726, 2013.
[60] Y. Zhu, G.-J. Ahn, H. Hu, S. Yau, H. An, and C.-J. Hu, "Dynamic audit services for outsourced storages in clouds", IEEE Trans. Serv. Comput, vol. 6, no. 2, pp. 227–238, 2013.
[61] J. Sujana and T. Revathi, "Ensuring privacy in data storage as a service for educational institution in cloud computing", in Proc. ISCOS, Mangalore, India, 2012, pp. 96–100.
[62] R. Nithiavathy, "Data integrity and data dynamics with secure storage service in cloud", in Proc. PRIME, Salem, Germany, 2013.
[63] B. Wang, H. Li, and M. Li, "Privacy-preserving public auditing for shared cloud data supporting group dynamics", in Proc. ICC, Budapest, Hungary, 2013, pp. 1946–1950.
[64] M. N. Rajkumar, V. V. Kumar, and R. Sivaramakrishnan, "Efficient integrity auditing services for cloud computing using raptor codes", in Proc. RACS, Montreal, Canada, 2013, pp. 75–78.
[65] C. Liu, R. Ranjan, C. Yang, X. Zhang, L. Wang, and J. Chen, "MuR-DPA", IACR Cryptology ePrint Archive, vol. 2014, pp. 1–12, 2014.
[66] M. A. Shah, R. Swaminathan, and M. Baker, "Privacy-preserving audit and extraction of digital contents", 2008.
[67] Y. Zhu, H. Hu, G.-J. Ahn, and M. Yu, "Cooperative provable data possession for integrity verification in multicloud storage", IEEE Trans. Parallel Distrib. Syst, vol. 23, no. 12, pp. 2231–2244, 2012.
[68] K. He, C. Huang, J. Wang, H. Zhou, X. Chen, Y. Lu, L. Zhang, and B. Wang, "An efficient public batch auditing protocol for data security in multi-cloud storage", in Proc. ChinaGrid, Changchun, China, 2013, pp. 51–56.
[69] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring data storage security in cloud computing", in Proc. IWQoS, Charleston, SC, USA, 2009, pp. 1–9.
[70] J. Ni, Y. Yu, Y. Mu, and Q. Xia, "On the security of an efficient dynamic auditing protocol in cloud storage", IEEE Trans. Parallel Distrib. Syst, vol. (in press), 2013.
[71] O. Kwon, D. Koo, Y. Shin, and H. Yoon, "A secure and efficient audit mechanism for dynamic shared data in cloud storage", The Scientific World Journal, vol. 2014, pp. 1–11, 2014.
[72] B. Wang, B. Li, and H. Li, "Knox", in Applied Cryptography and Network Security, 2012, pp. 507–525.
[73] B. Wang, B. Li, and H. Li, "Oruta", IEEE Trans. on Cloud Comput, vol. 2, no. 1, pp. 43–56, 2014.
[74] B. Wang, B. Li, and H. Li, "Panda", in Proc. INFOCOM, Turin, Italy, 2013, pp. 2904–2912.
[75] H. C. H. Chen and P. P. C. Lee, "Enabling data integrity protection in regenerating-coding-based cloud storage", IEEE Trans. Parallel Distrib. Syst, vol. 25, no. 2, pp. 407–416, 2014.