Home // International Journal On Advances in Networks and Services, volume 6, numbers 1 and 2, 2013 // View article

Sun Behind Clouds - On Automatic Cloud Security Audits and a Cloud Audit Policy Language

Authors:
Frank Doelitzscher
Thomas Ruebsamen
Tina Karbe
Martin Knahl
Christoph Reich
Nathan Clarke

Keywords: Cloud computing, security policies, Cloud audits, agents

Abstract:
Studies show that when it comes to an integration of Cloud computing into enterprises, chief information officers and management still see some dark Clouds on the horizon. The biggest one is the lack of security, which results in distrust and skepticism against the technology, mainly originating from an intransparency of Cloud environments. To increase this transparency, the Cloud Research Lab at Furtwangen University develops the Security Audit as a Service (SAaaS) architecture for Infrastructure as a Service Cloud environments. It is targeted to ensure that a desired security level is reached and maintained within a frequently changing Cloud infrastructure. Despite a traditional security audit, which includes a comprehensive and therefore time-consuming security check of a whole infrastructure, a Cloud security audit needs to be lightweight enough to be executed right after an infrastructure change occurred, and precisely target-oriented to perform an audit of the specific infrastructure components affected by this change. This is called a concurrent security audit. In this paper, a Cloud audit policy language for the SAaaS architecture gets presented. First, the design and implementation of the automated audit system of virtual machine images, which ensures legal and company policies, is described. Second, on-demand deployed software audit agents that maintain and validate the security compliance of running Cloud services, are discussed.

Pages: 1 to 16

Copyright: Copyright (c) to authors, 2013. Used with permission.

Publication date: June 30, 2013

Published in: journal

ISSN: 1942-2644