Secure Activities Monitoring and Auditing in the Cloud
Secure Activities Monitoring and Auditing in the Cloud
Author(s): Lyudmila Zharova, Ivica Stanković, Radomir MihajlovićSubject(s): ICT Information and Communications Technologies
Published by: Fakultet za poslovne studije i pravo
Keywords: Cloud; security; system monitoring; auditing; accountability; forensics; XML; digital signature; encryption
Summary/Abstract: Faced with the current trend of enterprise computing infrastructure being relocated from physical data centers into the cloud, systems and applications security administrators as well as developers are forced to dedicate particular attention to new set of security problems. When making decision about what sort of cloud service to use, the public cloud appears to be the most cost effective. However, to use the public cloud service decision makers have to trust the cloud service provider, who has complete access to the file storage infrastructure and all client files including security relevant system and application log files. In this paper we make a parallel between the financial and computing system event monitoring, we present key clarifying definitions and propose a encryption based log file data privacy solution by selectively protecting only privacy-critical log records. Our solutions do not impose any demands on the existing systems solutions or current systems logging infrastructure maintenance On the contrary, the only conditions are imposed on developers of cloud privacy-sensitive applications and designers of log parsers and analysis tools. In summary, our solutions move system log privacy problems in the cloud into the application layer.
Journal: International Journal of Economics & Law
- Issue Year: 6/2016
- Issue No: 16
- Page Range: 143-151
- Page Count: 9
- Language: English