skip to main content
research-article

A case for the accountable cloud

Published: 14 April 2010 Publication History

Abstract

For many companies, clouds are becoming an interesting alternative to a dedicated IT infrastructure. However, cloud computing also carries certain risks for both the customer and the cloud provider. The customer places his computation and data on machines he cannot directly control; the provider agrees to run a service whose details he does not know. If something goes wrong - for example, data leaks to a competitor, or the computation returns incorrect results - it can be difficult for customer and provider to determinewhich of themhas caused the problem, and, in the absence of solid evidence, it is nearly impossible for them to hold each other responsible for the problem if a dispute arises.
In this paper, we propose that the cloud should be made accountable to both the customer and the provider. Both parties should be able to check whether the cloud is running the service as agreed. If a problem appears, they should be able to determine which of them is responsible, and to prove the presence of the problem to a third party, such as an arbitrator or a judge. We outline the technical requirements for an accountable cloud, and we describe several challenges that are not yet met by current accountability techniques.

References

[1]
Carlisle Adams, Pat Cain, Denis Pinkas, and Robert Zuccherato. RFC 3161: Internet X.509 public key infrastructure timestamp protocol (TSP). http://tools.ietf.org/rfc/rfc3161.txt, August 2001.
[2]
Amazon Web Services. TC3 Health case study. http://aws.amazon.com/solutions/case-studies/tc3-health/.
[3]
Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia. Above the clouds: A Berkeley view of cloud computing. Technical Report EECS-2009-28, University of California at Berkeley, February 2009.
[4]
Christian Cachin, Idit Keidar, and Alexander Shraer. Trusting the cloud. ACM SIGACT News, 40(2):81--86, June 2009.
[5]
Edmund M. Clarke, Orna Grumberg, and David E. Long. Model checking and abstraction. ACM Transactions on Programming Languages and Systems, 16(5):1512--1542, 1994.
[6]
George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza Basrai, and Peter M. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proc. OSDI, December 2002.
[7]
Andreas Haeberlen, Petr Kuznetsov, and Peter Druschel. PeerReview: Practical accountability for distributed systems. In Proc. SOSP, October 2007.
[8]
Leslie Lamport, Robert Shostak, andMarshall Pease. The Byzantine generals problem. ACM Transactions on Programming Languages and Systems, 4(3):382--401, 1982.
[9]
Dave Levin, John R. Douceur, Jacob R. Lorch, and Thomas Moscibroda. TrInc: Small trusted hardware for large distributed systems. In Proc. NSDI, Apr 2009.
[10]
Nikolaos Michalakis, Robert Soulé, and Robert Grimm. Ensuring content integrity for untrusted peer-to-peer content distribution networks. In Proc. NSDI, April 2007.
[11]
James Newsome and Dawn Xiaodong Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proc. NDSS, February 2005.
[12]
Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues. Towards trusted cloud computing. In Proc. HotCloud, June 2009.
[13]
Aydan R. Yumerefendi and Jeffrey S. Chase. Trust but verify: Accountability for internet services. In ACM SIGOPS European Workshop, September 2004.
[14]
Aydan R. Yumerefendi and Jeffrey S. Chase. Strong accountability for network storage. ACM Transactions on Storage, 3(3):11, 2007.

Cited By

View all
  • (2025)Accountable Decryption Made Formal and PracticalIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351580820(620-635)Online publication date: 1-Jan-2025
  • (2023)Accountable Clouds Through BlockchainIEEE Access10.1109/ACCESS.2023.327624011(48358-48374)Online publication date: 2023
  • (2022)UCSP: A Framework to Tackle the Challenge of Dependency Chain in Cloud ForensicsMachine Intelligence and Data Science Applications10.1007/978-981-19-2347-0_49(621-637)Online publication date: 2-Aug-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review
ACM SIGOPS Operating Systems Review  Volume 44, Issue 2
April 2010
92 pages
ISSN:0163-5980
DOI:10.1145/1773912
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2010
Published in SIGOPS Volume 44, Issue 2

Check for updates

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)15
  • Downloads (Last 6 weeks)2
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2025)Accountable Decryption Made Formal and PracticalIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351580820(620-635)Online publication date: 1-Jan-2025
  • (2023)Accountable Clouds Through BlockchainIEEE Access10.1109/ACCESS.2023.327624011(48358-48374)Online publication date: 2023
  • (2022)UCSP: A Framework to Tackle the Challenge of Dependency Chain in Cloud ForensicsMachine Intelligence and Data Science Applications10.1007/978-981-19-2347-0_49(621-637)Online publication date: 2-Aug-2022
  • (2021)Cloud Computing Adoption for Healthcare: An Empirical Study Using SEM ApproachFIIB Business Review10.1177/2319714521101250510:3(255-275)Online publication date: 25-May-2021
  • (2021)Outlining TraceabilityProceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency10.1145/3442188.3445937(758-771)Online publication date: 3-Mar-2021
  • (2021)Accountability as a Foundation for Requirements in Sociotechnical SystemsIEEE Internet Computing10.1109/MIC.2021.310683525:6(33-41)Online publication date: 1-Nov-2021
  • (2021)Blockchain for Embedded System Accountability2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC51069.2021.9461143(1-5)Online publication date: 3-May-2021
  • (2021)Cloud Computing Based Learning Web Application Through Amazon Web Services2021 7th International Conference on Advanced Computing and Communication Systems (ICACCS)10.1109/ICACCS51430.2021.9441974(472-475)Online publication date: 19-Mar-2021
  • (2020)New Foundations of Ethical Multiagent SystemsProceedings of the 19th International Conference on Autonomous Agents and MultiAgent Systems10.5555/3398761.3398958(1706-1710)Online publication date: 5-May-2020
  • (2020)CLOUD COMPUTING SECURITY AND ITS CHALLENGESi-manager’s Journal on Cloud Computing10.26634/jcc.7.2.179657:2(20)Online publication date: 2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media