Skip to main content
SpringerLink
Log in

Operational-Behavior Auditing in Cloud Storage

  • Conference paper
  • First Online:
Cloud Computing, Security, Privacy in New Computing Environments (CloudComp 2016, SPNCE 2016)

  • 874 Accesses

Abstract

As an indispensable branch of cloud computing, cloud storage enables individuals and organizations to enjoy large-scale and distributed storage capability in a multi-tenant service pattern. However, there is still a serious lack of mutual trust between the users and cloud service providers, since both of them can perform dishonest and malicious operational behaviors on cloud data. Secure audit for operational behaviors is vital for cloud forensic investigation, which collects and offers essential audit logs for a forensic investigator to track security incidents and accountability determination. Such an auditing service can help to achieve better security assurances within the whole life cycle of cloud data. In this paper, we present an auditing mode for operational behaviors in cloud storage, introduce the open issues in two main phases, log audit and forensic investigation, and discuss the future trends.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mell, P., Grance, T.: Draft NIST working definition of cloud computing. Technical report (2009). http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

  2. Wang, C., Ren, K., Lou, W., Jin, L.: Toward publicly auditable secure cloud data storage services. IEEE netw. 24, 19–24 (2010)

    Article  Google Scholar 

  3. Ren, K., Wang, C., Wang, Q.: Security challenges for the public cloud. IEEE Internet Comput. 16, 69–73 (2012)

    Article  Google Scholar 

  4. Ko, Ryan K.L., Lee, B.S., Pearson, S.: Towards achieving accountability, auditability and trust in cloud computing. In: Abraham, A., Mauri, J.L., Buford, John F., Suzuki, J., Thampi, Sabu M. (eds.) ACC 2011. CCIS, vol. 193, pp. 432–444. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22726-4_45

    Chapter  Google Scholar 

  5. Yang, K., Jia, X.: Data storage auditing service in cloud computing: challenges, methods and opportunities. World Wide Web 15, 409–428 (2012)

    Article  Google Scholar 

  6. Tian, H., Chen, Y., Chang, C.C., Jiang, H., Huang, Y., Chen, Y.H., Liu, J.: Dynamic-hash- table based public auditing for secure cloud storage. IEEE Trans. Serv. Comput. (2015). doi:10.1109/TSC.2015.2512589

  7. Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22, 847–859 (2011)

    Article  Google Scholar 

  8. Juels, A., Kaliski, B.S.: PoRs: proofs of retrievability for large files. In: 14th ACM Conference on Computer and Communications Security, pp. 584–597 (2007)

    Google Scholar 

  9. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89255-7_7

    Chapter  Google Scholar 

  10. Wang, G., Liu, Q., Wu, J.: A hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: 17th ACM Conference on Computer and Communications Security, pp. 735–737 (2010)

    Google Scholar 

  11. Yang, K., Jia, X., Ren, K., Zhang, B., Xie, R.: DAC-MACS: effective data access control for multiauthority cloud storage systems. IEEE Trans. Inf. Forensics Secur. 8, 1790–1801 (2013)

    Article  Google Scholar 

  12. Halevi, S., Harnik, D., Pinkas, B., Peleg, A.S.: Proofs of ownership in remote storage systems. In: 18th ACM Conference on Computer and Communications Security, pp. 49–500 (2011)

    Google Scholar 

  13. Zheng, Q., Xu, S.: Secure and efficient proof of storage with deduplication. In: 2nd ACM Conference on Data and Application Security and privacy, pp. 1–12 (2012)

    Google Scholar 

  14. Martini, B., Choo, K.K.R.: An integrated conceptual digital forensic framework for cloud computing. Digit. Invest. 9, 71–80 (2012)

    Article  Google Scholar 

  15. Dykstra, J., Sherman, A.T.: Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digit. Invest. 9, S90–S98 (2012)

    Article  Google Scholar 

  16. Zawoad, S., Dutta, A.K., Hasan, R.: Towards building forensics enabled cloud through secure logging-as-a-service. IEEE Trans. Dependable Secure Comput. 13, 148–162 (2016)

    Article  Google Scholar 

  17. Zawoad, S., Dutta, A.K., Hasan, R.: SecLaaS: secure logging-as-a-service for cloud forensics. In: 8th ACM SIGSAC Symposium Information, Computer and Communications Security, pp. 219–230 (2013)

    Google Scholar 

  18. Bellare, M., Yee, B.: Forward integrity for secure audit logs. Technical report, Computer Science and Engineering Department (1997)

    Google Scholar 

  19. Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2, 159–176 (1999)

    Article  Google Scholar 

  20. Ma, D., Tsudik, G.: A new approach to secure logging. ACM Trans. Storage 5, 1–21 (2009)

    Article  Google Scholar 

  21. Yavuz, A.A., Ning, P., Reiter, M.K.: Efficient, compromise resilient and append-only cryptographic schemes for Secure audit logging. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 148–163. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32946-3_12

    Chapter  Google Scholar 

  22. Holt, J.E.: Logcrypt: forward security and public verification for secure audit logs. In: 4th Australasian Workshops on Grid Computing and E-research, pp. 203–211 (2006)

    Google Scholar 

  23. Accorsi, R.: BBox: a distributed secure log architecture. In: Camenisch, J., Lambrinoudakis, C. (eds.) EuroPKI 2010. LNCS, vol. 6711, pp. 109–124. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22633-5_8

    Chapter  Google Scholar 

  24. Stathopoulos, V., Kotzanikolaou, P., Magkos, E.: A framework for secure and verifiable logging in public communication networks. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 273–284. Springer, Heidelberg (2006). doi:10.1007/11962977_22

    Chapter  Google Scholar 

  25. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J Cryptol. 17, 297–319 (2004)

    Article  MATH  MathSciNet  Google Scholar 

  26. Roussev, V., Richard, L., G.G.: Breaking the performance wall: the case for distributed digital forensics. In: 2004 Digital Forensics Research Workshop, vol. 94 (2004)

    Google Scholar 

  27. Marziale, L., Richard, G.G., Roussev, V.: Massive threading: using GPUs to increase the performance of digital forensics tools. Digit. Invest. 4, 73–81 (2007)

    Article  Google Scholar 

  28. Francois, J., Wang, S., Bronzi, W.: Botcloud: Detecting botnets using mapreduce. In: IEEE International Workshop on Information Forensics and Security, pp. 1–6 (2011)

    Google Scholar 

  29. Roussev, V., Wang, L., Richard, G., Marziale, L.: A cloud computing platform for large-scale forensic computing. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2009. IAICT, vol. 306, pp. 201–214. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04155-6_15

    Chapter  Google Scholar 

  30. Therdphapiyanak, J., Piromsopa, K.: Applying Hadoop for log analysis toward distributed IDS. In: 7th ACM International Conference on Ubiquitous Information Management and Communication, vol. 3 (2013)

    Google Scholar 

  31. Lin, X., Wang, P., Wu, B.: Log analysis in cloud computing environment with Hadoop and Spark. In: 5th IEEE International Conference on Broadband Network and Multimedia Technology, pp. 273–276 (2013)

    Google Scholar 

Download references

Acknowledgments

This work was supported in part by Natural Science Foundation of China under Grant Nos. U1405254, U1536115 and 61302094, Program of China Scholarships Council under Grant No. 201507540001, Natural Science Foundation of Fujian Province of China under Grant No. 2014J01238, Program for New Century Excellent Talents in Fujian Province University under Grant No. MJK2016-23, Program for Outstanding Youth Scientific and Technological Talents in Fujian Province University under Grant No. MJK2015-54, Promotion Program for Young and Middle-aged Teacher in Science & Technology Research of Huaqiao University under Grant No. ZQN-PY115, and Program for Science & Technology Innovation Teams and Leading Talents of Huaqiao University under Grant No. 2014KJTD13.

Author information

Authors and Affiliations

  1. College of Computer Science, National Huaqiao University, Xiamen, 361021, China

    Zhaoyi Chen, Hui Tian, Yiqiao Cai, Tian Wang & Yonghong Chen

  2. Network Technology Center, National Huaqiao University, Xiamen, 361021, China

    Jing Lu

Authors
  1. Zhaoyi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hui Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jing Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yiqiao Cai
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Tian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yonghong Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hui Tian .

Editor information

Editors and Affiliations

  1. South China University of Technology, Guangzhou, China

    Jiafu Wan

  2. Dalian University of Technology, Dalian, China

    Kai Lin

  3. South China University of Technology, Guangzhou, China

    Delu Zeng

  4. School of Computer Science, Guangzhou University, Guangzhou, China

    Jin Li

  5. Deakin University, Burwood, Australia

    Yang Xiang

  6. Southwest University, Chongqing, China

    Xiaofeng Liao

  7. Shenzhen University, Nankai, China

    Jiwu Huang

  8. Nankai University, Nankai, China

    Zheli Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, Z., Tian, H., Lu, J., Cai, Y., Wang, T., Chen, Y. (2018). Operational-Behavior Auditing in Cloud Storage. In: Wan, J., et al. Cloud Computing, Security, Privacy in New Computing Environments. CloudComp SPNCE 2016 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 197. Springer, Cham. https://doi.org/10.1007/978-3-319-69605-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69605-8_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69604-1

  • Online ISBN: 978-3-319-69605-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation