Skip to main content
SpringerLink
Log in

Cloud Audits and Privacy Risks

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2013 Conferences (OTM 2013)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8185))

Abstract

In cloud computing users are giving up control over resources such as storage. Lacking transparency of cloud services (e.g. data access and data lifecycle reports) is an important trust issue, that hinders a more wide-spread adoption of cloud computing. Giving the customer of cloud services more information about data usage, compliance test reports and accordance to best-practices make the cloud more transparent. Reporting about such verifications is the main objective of cloud audits and is performed by third party auditors (TPAs). However, public auditing by TPAs can introduce new privacy problems. In this paper, a survey of current cloud audit privacy problems is given and techniques are shown how they can be addressed. Also, requirements for a privacy-aware public audit system are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Technical report, National Institute of Standards and Technology, Information Technology Laboratory (2011)

    Google Scholar 

  2. CNN: Google fires engineer for privacy breach (September 2010), http://edition.cnn.com/2010/TECH/web/09/15/google.privacy.firing/

  3. Cloud Security Alliance (CSA): Security, Trust & Assurance Registry (STAR), https://cloudsecurityalliance.org/star/

  4. Amazon: Amazon’s service health dashboard, http://status.aws.amazon.com/

  5. Privacy Rights Clearinghouse: Amsterdam Hospitality Group, https://www.privacyrights.org/data-breach-asc?title=amsterdam

  6. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom), pp. 693–702 (2010)

    Google Scholar 

  7. Badger, L., Bohn, R., Chu, S., Hogan, M., Liu, F., Kaufmann, V., Mao, J., Messina, J., Mills, K., Sokol, A., Tong, J., Whiteside, F., Leaf, D.: US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft) - Useful Information for Cloud Adopters. Technical report, National Institute of Standards and Technology, Information Technology Laboratory (2011)

    Google Scholar 

  8. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. Cryptology ePrint Archive, Report 2007/202 (2007), http://eprint.iacr.org/

  9. Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 43–54. ACM, New York (2009)

    Chapter  Google Scholar 

  10. Juels, A., Kaliski Jr., B.S.: Pors: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 584–597. ACM, New York (2007)

    Chapter  Google Scholar 

  11. Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Network 24(4), 19–24 (2010)

    Article  Google Scholar 

  12. Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)

    Google Scholar 

  13. Wang, B., Li, B., Li, H.: Oruta: Privacy-preserving public auditing for shared data in the cloud. In: 2012 IEEE 5th International Conference on Cloud Computing (CLOUD), pp. 295–302 (2012)

    Google Scholar 

  14. Li, L., Xu, L., Li, J., Zhang, C.: Study on the third-party audit in cloud storage service. In: 2011 International Conference on Cloud and Service Computing (CSC), pp. 220–227 (2011)

    Google Scholar 

  15. Patel, H., Patel, D.: A review of approaches to achieve data storage correctness in cloud computing using trusted third party auditor. In: 2012 International Symposium on Cloud and Services Computing (ISCOS), pp. 84–87 (2012)

    Google Scholar 

  16. Zhu, Y., Hu, H., Ahn, G.J., Yau, S.S.: Efficient audit service outsourcing for data integrity in clouds. J. Syst. Softw. 85(5), 1083–1095 (2012)

    Article  Google Scholar 

  17. Shah, M.A., Swaminathan, R., Baker, M.: Privacy-preserving audit and extraction of digital contents. Cryptology eprint archive, report 2008/186 (2008)

    Google Scholar 

  18. SAS70: SAS70, http://sas70.com/sas70_overview.html

  19. U.S. Government Printing Office: HIPAA, http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/html/PLAW-104publ191.htm

  20. ISO: ISO27001:2005, http://www.iso.org/iso/catalogue_detail?csnumber=42103

  21. Cloud Security Alliance (CSA): CloudAudit A6 Cloud Security Alliance, http://cloudaudit.org/

Download references

Author information

Authors and Affiliations

  1. Cloud Research Lab, Furtwangen University of Applied Science, D-78120, Furtwangen, Germany

    Thomas Rübsamen & Christoph Reich

Authors
  1. Thomas Rübsamen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christoph Reich
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STAR Lab, Vrije Universiteit Brussel, Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. CRAN, University of Lorraine, Campus Sciences, BP 70239, 54506, Vandoevre-les-Nancy, France

    Hervé Panetto

  3. Computer Science and Computer Engineering, La Trobe University, 3086, Melbourne, Victoria, Australia

    Tharam Dillon

  4. Dept. of Informatics Systems, University of Klagenfurt, Universitaetsstrasse 65, 9020, Klagenfurt, Austria

    Johann Eder

  5. LIRMM, University of Montpellier II, 161 Rue Ada, 34392, Montpellier Cedex 5, France

    Zohra Bellahsene

  6. Department of Informatics, University of Hamburg, 22527, Hamburg, Germany

    Norbert Ritter

  7. Department of Computer Sciences, VU University Amsterdam, De Boelelaan 1081, 1081 HV, Amsterdam, The Netherlands

    Pieter De Leenheer

  8. Computer and Information Science Department, University of Oregon, 97403, Eugene, OR, USA

    Deijing Dou

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rübsamen, T., Reich, C. (2013). Cloud Audits and Privacy Risks. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2013 Conferences. OTM 2013. Lecture Notes in Computer Science, vol 8185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41030-7_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41030-7_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41029-1

  • Online ISBN: 978-3-642-41030-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation