A Framework for Cloud Security Audit

  • Conference paper
Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security (ICGS3 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 534)

Included in the following conference series:

  • International Conference on Global Security, Safety, and Sustainability

Abstract

More and more individual users and businesses are earnestly considering cloud adoption for achieving mission objectives. However, concerns being raised include the ability of users to ascertain the security posture of cloud service providers to adequately safeguard data and applications. We present a cloud security audit framework that entails a set of concepts such as goals, constraint, plan and evidence to enable prospective cloud users to identify their migration goals and introduce constraints that must be satisfied by a potential cloud provider before migration. The concepts are considered as a language for describing the properties necessary for cloud security audit through a metamodel. An example is given to demonstrate the applicability of the approach.

Acknowledgement

This work was partly supported by the Austrian Science Fund (FWF) project no. P26289-N23.

Author information

Corresponding author

Correspondence to Umar Mukhtar Ismail.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ismail, U.M., Islam, S., Mouratidis, H. (2015). A Framework for Cloud Security Audit. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_27

  • DOI: https://doi.org/10.1007/978-3-319-23276-8_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23275-1

  • Online ISBN: 978-3-319-23276-8

  • eBook Packages: Computer Science (R0)
