Embedding a Distributed Auditing Mechanism in the Service Cloud | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2014 IEEE World Congress on S...

Embedding a Distributed Auditing Mechanism in the Service Cloud

PDF
Sarra Alqahtani; Rose Gamble
All Authors

Abstract:

The Cloud Security Alliance identified the "notorious nine" threats for cloud computing. The range of these threats across the cloud indicates that centralized prevention...Show More

Metadata

Abstract:

The Cloud Security Alliance identified the "notorious nine" threats for cloud computing. The range of these threats across the cloud indicates that centralized prevention and detection would be highly inefficient, potentially reporting incidents to tenants well after they occur and are difficult to mitigate. This paper presents an auditing framework for the service cloud that distributes logging, monitoring, and reporting at the local service level, at the application or session level that can involve multiple tenant services, and at the cloud level where corroboration and verification of threats takes place. To verify the forensic coverage of the framework, a set of CAPEC attack patterns are investigated to match attack evidence gathering and mitigation techniques with the proposed distributed detection and mitigation levels of the framework.
Published in: 2014 IEEE World Congress on Services
Date of Conference: 27 June 2014 - 02 July 2014
Date Added to IEEE Xplore: 22 September 2014
ISBN Information:
Print ISSN: 2378-3818
DOI: 10.1109/SERVICES.2014.22
Conference Location: Anchorage, AK, USA
References is not available for this document.
Contents

I. Introduction

Cloud computing is radically changing how computing services are created, delivered, accessed and managed. Thus, it provides new avenues for cybercrimes requiring updated prevention and detection methods. Cloud forensic investigation can increase the robustness and reliability of clouds. NIST [1] divides the forensic investigation process into three steps: data collection, examination, and analysis. These three steps should preserve the integrity of the collected data. Currently, the area of cloud forensics requires significant research efforts to design forensic architectures, craft novel investigative approaches, and define legislative policies and mechanisms for cloud systems [2] [3] [4].

References is not available for this document.

Contact IEEE to Subscribe

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.