Towards Auditing of Cloud Provider Chains using CloudTrust Protocol

Thomas Rübsamen; Dirk Hölscher; Christoph Reich

doi:10.5220/0005860500830094

Towards Auditing of Cloud Provider Chains using CloudTrust Protocol

Thomas Rübsamen, Dirk Hölscher, Christoph Reich

2016

Abstract

Although cloud computing can be considered mainstream today, there is still a lack of trust in cloud providers, when it comes to the processing of private or sensitive data. This lack of trust is rooted in the lack of transparency of the provider's data handling practices, security controls and their technical infrastructures. This problem worsens when cloud services are not only provisioned by a single cloud provider, but a combination of several independent providers. The main contributions of this paper are: we propose an approach to automated auditing of cloud provider chains with the goal of providing evidence-based assurance about the correct handling of data according to pre-defined policies. We also introduce the concepts of individual and delegated audits, discuss policy distribution and applicability aspects and propose a lifecycle model. Our previous work on automated cloud auditing and Cloud Security Alliance's (CSA) CloudTrust Protocol form the basis for the proposed system for provider chain auditing.

Download

Paper Citation

in Harvard Style

Rübsamen T., Hölscher D. and Reich C. (2016). Towards Auditing of Cloud Provider Chains using CloudTrust Protocol . In Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-182-3, pages 83-94. DOI: 10.5220/0005860500830094

in Bibtex Style

@conference{closer16,
author={Thomas Rübsamen and Dirk Hölscher and Christoph Reich},
title={Towards Auditing of Cloud Provider Chains using CloudTrust Protocol},
booktitle={Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2016},
pages={83-94},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005860500830094},
isbn={978-989-758-182-3},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Towards Auditing of Cloud Provider Chains using CloudTrust Protocol
SN - 978-989-758-182-3
AU - Rübsamen T.
AU - Hölscher D.
AU - Reich C.
PY - 2016
SP - 83
EP - 94
DO - 10.5220/0005860500830094