Privacy preserving public auditing for regenerating code based cloud storage | kitechsolutions
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr... | IJERA Editor
In this paper, we utilize the public key based homomorphism authenticator and uniquely integrate it with random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all above requirements in mind. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient. We also show how to extend our main scheme to support batch auditing for TPA upon delegations from multi-users.
GxP in the Cloud is a good practice. Here's why. | Appian
Pharmaceutical and Life Sciences companies are required by law to meet Validation and Good Practice Standards (GxP) when building technology systems. Modern applications in the Cloud allow for cutting-edge systems to meet your organization’s needs today and into the foreseeable future.
Learn how to accelerate your GxP compliance in the cloud in this eBook: http://ap.pn/2fFlCj0
Securing Your Customers' Credit Card Information | Skoda Minotti
With the recent news of the payment card industry (PCI) credit card breaches surrounding retailers, ensuring compliance and security in the way you process, store and transmit credit card information is paramount.
If you are someone in business who sells goods or services and accepts credit card payments, you will want to plan to join us for this free lunch-and-learn event:
PCI 3.0 - Is Your Organization Ready?
Led by Joe Compton, CISSP, CISA, QSA, this presentation features an overview of the PCI Data Security Standards (DSS) and the PCI 3.0 security framework, points out the changes from the 2.x framework, and provides a plan for organizations to build a PCI compliance program.
ASPECTUAL PATTERNS FOR WEB SERVICES ADAPTATION | ijwscjournal
The security policies of an application can change at runtime for reasons such as changes in user preferences, performance, or the negotiation of security levels between the interacting parties. If these security policies are embedded in the services, modifying them requires modifying the services, stopping them and deploying a new version. The aspect-oriented paradigm makes it possible to define separate components, called aspects. In this paper, in order to fulfill security requirements, we classify the required changes to services and, for each classification, describe how aspects are injected. Finally, we present a pattern for each aspect of each classification.
Enabling cloud storage auditing with key exposure resistance 2 | Ranjeet Bhalshankar
Cloud storage auditing is viewed as an important service to verify the integrity of the data in public cloud. Current auditing protocols are all based on the assumption that the client’s secret key for auditing is absolutely secure. However, such assumption may not always be held, due to the possibly weak sense of security and/or low security settings at the client. If such a secret key for auditing is exposed, most of the current auditing protocols would inevitably become unable to work. In this paper, we focus on this new aspect of cloud storage auditing. We investigate how to reduce the damage of the client’s key exposure in cloud storage auditing, and give the first practical solution for this new problem setting. We formalize the definition and the security model of auditing protocol with key-exposure resilience and propose such a protocol. In our design, we employ the binary tree structure and the pre-order traversal technique to update the secret keys for the client. We also develop a novel authenticator construction to support the forward security and the property of blockless verifiability. The security proof and the performance analysis
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ... | Montrium
Want to deploy a new technology solution but not sure where to begin? These slides cover key considerations for choosing a vendor with cloud compliance and validation in mind. With the Office 365 subscription-based service gaining considerable momentum in the life sciences, it's important to stay ahead of the technological and regulatory curve and consider how an EDMS system will bring improvements to managing your GxP content.
Here we cover the following topics:
- Vendor assessment of Microsoft
- Subscription basics of Office 365
- Review of ISO/SOC audit reports
- Ensuring that no critical observations are made
- Security and quality controls in place
You can follow along with this presentation via webinar format:
https://info.montrium.com/strategies-for-conducting-gxp-vendor-assessment-of-cloud-service-providers
Tool Integration is an effective technique of integrating tools of the same or different classes to build a robust tool framework to support various business operations.
SLALOM Webinar Final Technical Outcomes Explained "Using the SLALOM Technica... | Oliver Barreto Rodríguez
SLALOM organized two live sessions to present the final versions of our legal terms and technical specifications for #Cloud #SLAs. The sessions provide examples showing how to practically apply SLALOM to improve current practice in the industry for #Cloud #SLAs and support development of cloud computing metrics.
The first webinar covered SLALOM Technical track "Using metrics to improve Cloud SLAs".
This presentation reviews the regulatory requirements for intended use validation of SaaS-based EDC systems from the Sponsor and CRO perspective and provides best practices for implementing the proper validation in your organization.
Attribute based encryption with verifiable outsourced decryption | IEEEFINALYEARPROJECTS
Foundation, Transition, Transform – Koch’s Journey Toward The Plant of the Fu... | Yokogawa1
In recent years, Koch Industries has accelerated its digitalization efforts to increase safety and competitiveness of its key manufacturing / production assets. The company is on a journey toward “Plant of the Future”. This involves developing a solid digital foundation, off which to transition and transform into The Plant Of The Future. This presentation will outline how Koch is developing and implementing its digital strategy.
SLALOM Webinar Final Legal Outcomes Explained "Using the SLALOM Contract Ser... | Oliver Barreto Rodríguez
SLALOM organized two live sessions to present the final versions of our legal terms and technical specifications for #Cloud #SLAs. The sessions provide examples showing how to practically apply SLALOM to improve current practice in the industry for #Cloud #SLAs and support development of cloud computing metrics.
The second webinar covered SLALOM legal track, "Ready to Use Cloud Master Agreement for SLAs". You can now have access to the slides used in the legal webinar here.
Attribute-based encryption (ABE) is a public-key based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes.
A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access policies and ascribed attributes associated with private keys and ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users.
In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE cipher text satisfied by that user’s attributes or access policy into a simple cipher text, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed cipher text.
Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud.
In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly.
We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles.
Finally, we show an implementation of our scheme and result of performance measurements, which indicates a significant reduction on computing resources imposed on users.
GDPR Compliance Countdown - Is your Application environment ready? | QualiQuali
Is Your Application Environment Ready?
Data Privacy regulation is top of mind this semester with the GDPR enforcement in Europe coming into effect May 25th, 2018.
Most companies doing business with the EU have to perform an assessment of their current applications and data policies to make sure they are going to be compliant. This is a burdensome and tedious task if done manually. How do you use automation and maximize the efficiency of this process? This is what we discuss in this presentation.
Business and IT leaders are understandably reluctant to retire considerable, legacy investment in technology, people, and processes due to security, risk, and regulatory compliance obligations. This creates a hybrid IT deployment model: an on-premise landscape of existing or legacy systems and off-premise cloud deployment of suitable IT capability.
The ODCA believes that integration of cloud deployments with enterprise landscapes should consider people, process, technology, and operating models. Doing so encourages faster cloud adoption, leverages existing enterprise investments in IT landscape and helps govern safe cloud adoption through effective risk and compliance management.
Watch webinar on-demand at https://www.brighttalk.com/channel/9831
Download “Cloud Coexistence with Extant Enterprise Systems,” a whitepaper published by ODCA and top member companies.
Project Business Case and Capital Justification for Implementation of Applica... | Duane Bodle
Business Case and Capital Justification Presentation For Application Performance Monitoring and Retrospective Network Analysis Implementation. *** This Presentation Has Been Sanitized of IP Information ***
Webinar presentation September 20, 2016.
This deck introduces the CSCC’s deliverable, Cloud Security Standards: What to Expect and What to Negotiate V2.0, which was updated in August 2016 to reflect the latest developments in cloud security standards. The presentation is an overview of the various security standards, frameworks, and certifications that exist for cloud computing. This information will help cloud customers understand and distinguish between the different types of security standards that exist and assess the security standards support of their cloud service providers.
Read the CSCC's deliverable here: http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm
2011-2012 Cloud Assessment Tool (CAT) White Paper | accacloud
The Cloud Assessment Tool (CAT) was developed by the Asia Cloud Computing Association (ACCA). It was refined through extensive and in-depth discussions over a period of 2 years between members of the WG and by looking at relevant cloud and IT specifications.
The CAT defines the requirements placed on IaaS/PaaS solution providers to support stringent cloud applications. However, that perspective was subsequently extended to cover all application requirements. As such, its final realization has broad applicability.
For more information, visit http://www.asiacloudcomputing.org
RUNNING HEAD Intersession 6 Final Project Projection1Interse.docx | jeanettehully
Intersession 6 Final Project Projection
Shalini Kantamneni
Ottawa University
The policies and service agreements
The acceptable use policy issued by the cloud service provider should restrict the use of his resources in unlawful and fraudulent activity. The cloud service provider is to maintain an extensive profile of the activities of the cloud service customer through logging to comply with the government's needs for auditing. The cloud service customer is to strictly abide by this policy for secure computing.
The processing of personal data by both the cloud service customer and the cloud service provider should portray compliance to the GDPR data protection standard (Surbiryala, Agrawal & Rong, 2018). Both parties are to be tasked with ensuring that the processing practices are in line with this and other laws that advocate for data protection. It is upon the cloud service customer to ensure that these laws and regulations are abided by and that the roles and responsibilities that are derived from an agreement between him and the cloud service provider do not hamper his plan.
The payment will be expected based on a pay-as-you-go schedule. The cloud service customer is to identify the services and architecture which he would require from the cloud computing environment and set these components apart from those he would not require. Charges are to be calculated based on the set of architecture utilized and the period within which the selected architecture is dedicated to his use.
The cloud service provider holds the privilege of temporarily suspending cloud services issued to a cloud service customer in the case of security risks, delayed payments, or abnormal use of cloud services that contradicts the agreement for fair use. It is the responsibility of the cloud service customer to ensure that he strictly abides by the agreement with the cloud service provider on the terms of use and the right of the cloud service provider to consistently monitor the activities of the cloud service customer to ensure compliance to this agreement.
The cloud service provider also holds the privilege of terminating or closing a cloud service customer’s account in the case that the cloud service customer does not commit himself to the sets of agreements made with the cloud service provider. The cloud service provider is to issue warnings that lead to temporary suspension before a notification is issued prior to account termination in the case that there are no changes after the temporary suspension.
The indemnification policy immunizes the cloud service provider from any sorts of claims issued by the cloud service customer that connects the cloud service provider to instances of damage or loss. It is the responsibility of the cloud service customer to ensure his compl ...
Webinar presentation: November 17, 2016
Subject matter experts from the CSCC present an overview of the security standards, frameworks, and certifications that exist for cloud computing. We also discuss privacy considerations in light of new regulations (e.g., EU’s General Data Protection Regulation (GDPR)). This presentation helps cloud customers understand and distinguish between the different types of security standards that exist and assess the security standards support of their cloud service providers.
Read the CSCC's deliverable, Cloud Security Standards: What to Expect and What to Negotiate: http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm
1. CONTINUOUS LEGAL COMPLIANCE AUDITING FOR DISTRIBUTED IT INFRASTRUCTURES
Jonathan Sinclair
To investigate the methodologies and mechanisms for enabling continuous and predictive compliance auditing by developing a proof of concept in a distributed computing environment.
2013
2. Background
Auditing Legislation & Regulation
[Diagram. Nodes: Customer Data, Legislation, Government, Auditor, Compliance Check, Compliance Report, Regulation, Regulator, Businesses, IT Department, Governance, Compliance. Edge labels: creates; have to comply with; store and are responsible for; use IT to improve operations.]
Thesis Chapter 2
3. Background
Big Data problem
[Diagram of an enterprise application landscape. Labels: PoS, SFA, ERP, SCM, Front Office, Finance, CRM, Tracking, Service, Partner, Back Office, Field CRM, Adapter, Integration Broker, AS, Custom and Package Apps, XI, HW, Infrastructure, Data, Presentation, Broker, Legacy, NW, VM, DB, Cloud Provider.]
Thesis Chapter 3
6. Enabling Distributed Compliance Auditing
Processing of Big Data Logs
“A complex system that works is invariably found to have evolved from a simple system that works”
John Gaule
Processing levels (plotted against time in the original figure):
Level 0: Normalize Events
Level 1: Event Extraction (Anomalous Filtering)
Level 2: Event Context / Relationships
Level 3: SLA Assessment
Level 4: Compliance Analysis
Level 5: Audit Reporting
[Diagram: MessageEvent structure. Labels: Message, Content, Data usage info (retention, locality), Timestamp, Type (e.g. user info, machine info), Source, Cloud-ID, Physical device, VM-ID.]
Thesis Chapter 5
7. Enabling Distributed Compliance Auditing
Processing of Big Data Logs
1. Capture simple events
2. Transport events
3. Apply rules: filter, correlate, apply constraints, aggregate, update event logs
4. Notify people, invoke response and services, etc.
[Diagram. Labels: Subprocess, Audit Dashboard, Audit Alerts, CEP, Complex Event, BPM, Event, ESB.]
Thesis Chapter 5
9. Enabling Distributed Compliance Auditing
Auditing Data Privacy and Geo-locality
Audit report generated from the Deployment of a service in a cloud environment under the following conditions:
Data at Rest
• Deployed within compliant jurisdiction (EU)
• Data stored in distributed manner across multiple compliant jurisdictions (EU)
Data in Transit
• Migrated to non-compliant jurisdiction (US)
• Data transferred outside compliant jurisdiction (EU > US)
• Data-set from distributed storage migrated outside compliant jurisdiction (EU > US)
Data in Use
• Data accessed and processed by non-compliant jurisdiction. (US)
Thesis Chapter 6
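An added example, not taken from the thesis or the slides: a minimal audit pass over constructed events that applies the three slide-9 conditions (data at rest, in transit, in use) against a set of compliant jurisdictions, following the normalize / correlate / analyse / report levels listed on slide 6. The pipe-delimited record layout, the field names and the `COMPLIANT` set are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumed SLA constraint: slide 9 treats EU as compliant and US as non-compliant.
COMPLIANT = {"EU"}
STATES = ("rest", "transit", "use")


@dataclass(frozen=True)
class Event:
    timestamp: int               # assumed: seconds since start of the trace
    state: str                   # "rest", "transit" or "use"
    dataset: str
    vm_id: str
    cloud_id: str
    locality: str                # jurisdiction where data is stored or processed
    dest: Optional[str] = None   # transit only: destination jurisdiction


# Constructed sample records: ts|state|dataset|vm-id|cloud-id|locality|dest
RAW_EVENTS = [
    "10|rest|crm-db|vm-01|cloud-a|eu|",
    "20|rest|crm-db|vm-02|cloud-b|EU|",
    "30|transit|crm-db|vm-02|cloud-b|EU|US",
    "40|rest|crm-db|vm-07|cloud-c|US|",
    "50|use|crm-db|vm-07|cloud-c|US|",
    "15|rest|hr-db|vm-03|cloud-a|EU|",
    "25|transit|hr-db|vm-03|cloud-a|EU|EU",
    "35|use|hr-db|vm-04|cloud-b|EU|",
    "garbage line",
    "45|transit|hr-db|vm-04|cloud-b|EU|",   # transit without a destination
]


def normalize(line):
    """Level 0: parse one raw record into an Event, or None if malformed."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 7 or not parts[0].isdigit():
        return None
    ts, state, dataset, vm_id, cloud_id, locality, dest = parts
    state = state.lower()
    if state not in STATES or not locality:
        return None
    if state == "transit" and not dest:
        return None   # cannot judge a transfer with no destination
    return Event(int(ts), state, dataset, vm_id, cloud_id,
                 locality.upper(), dest.upper() or None)


def check(event):
    """Level 4: return a finding for a non-compliant event, else None."""
    if event.state == "rest" and event.locality not in COMPLIANT:
        return f"stored in non-compliant jurisdiction {event.locality}"
    if event.state == "transit" and event.dest not in COMPLIANT:
        return f"transferred {event.locality} > {event.dest}"
    if event.state == "use" and event.locality not in COMPLIANT:
        return f"accessed/processed in non-compliant jurisdiction {event.locality}"
    return None


def audit(raw_lines):
    """Levels 0-5: normalize, group per data set, analyse, build the report."""
    events, rejected = [], 0
    for line in raw_lines:
        ev = normalize(line)
        if ev is None:
            rejected += 1          # reported, never silently dropped
        else:
            events.append(ev)

    by_dataset = defaultdict(list)  # Level 2: per-data-set trail in time order
    for ev in sorted(events, key=lambda e: e.timestamp):
        by_dataset[ev.dataset].append(ev)

    report = {"rejected": rejected, "datasets": {}}
    for dataset, trail in by_dataset.items():
        findings = [(ev.timestamp, ev.vm_id, msg)
                    for ev in trail if (msg := check(ev))]
        report["datasets"][dataset] = {
            "compliant": not findings,
            "localities": sorted({e.locality for e in trail if e.state == "rest"}),
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for name, result in audit(RAW_EVENTS)["datasets"].items():
        print(name, "COMPLIANT" if result["compliant"] else "NON-COMPLIANT")
        for ts, vm, msg in result["findings"]:
            print(f"  t={ts} {vm}: {msg}")
```

Rejected records are counted in the report because an audit trail with unexplained gaps is itself a finding.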
10. Case Study and Evaluation
Auditing Cloud Supply Chains
Thesis Chapter 7
Cloud computing tends towards a service marketplace in which composite services will be created in the form of a cloud supply chain. This leads to problems in assuring data privacy.
11. Case Study and Evaluation
Verifying Compliance Audits
Validation of the methodology will be conducted at each stage of the lifecycle
• Definition of requirement > based on legislation
• Creation of SLA > based on requirements and consumer constraints
• Enforcement of SLA > based on accuracy of results output
• Reporting Compliance Results > based on accuracy of results output
• Scalability > based on events (quantity, frequency) and rules
Verification of this process will then be carried out in two stages
• Expectation and accuracy of results from synthetic test cases
• Unaccounted scenarios
Thesis Chapter 7
13. Thank You!
Conference / Publications
Year | Type | Event | Title
2010 | Presentation | CloudSlam’10 | Auditing in Cloud Computing
2011 | Paper + Presentation | CLOSER Cloud Computing Conference | Architecture for Compliance Analysis of Distributed Service Based Systems
2011 | Poster | ACM WebSci 2011 | Compliance Auditing for Cloud Computing: Investigation into the methodologies and mechanisms for enabling real-time compliance auditing
2011 | Patent | -- | 1 IDF accepted that cannot be disclosed
2011 | Paper + Presentation | eChallenges EU Conference | Auditing Issues for Cloud-based Business Services: a CRM Case Study
2011 | Poster | ETSI | Cloud Auditing in Future Web-based Infrastructures
2012 | Book Chapter | IGI Global: Achieving Federated and Self-Manageable Cloud infrastructures | Deploying and running enterprise grade applications in Federated Clouds
2012 | Patent | -- | 2 IDFs accepted that cannot be disclosed
2013 | Paper / Journal | Pending Completion | Auditing Issues for the Cloud Supply Chain: A Data Protection Case Study
2013 | Patent | -- | 3 IDFs pending submission
14. PhD Scope
Aims & Objectives
Scope Elements and Description
Aims (Describe the overall goal you are aiming at)
• Investigate the fundamental challenges arising from auditing Cloud infrastructures
• To construct a cloud-based service which incorporates an audit engine for some aspects of compliance analysis
Objectives/Deliverables (Describe the several outcomes/results of the project)
• Determine how compliance regulations should be stated in SLA’s
• Develop an auditing engine which can monitor compliance of services within a cloud
• Audit the compliance of the data geo-locality throughout the service lifecycle
In Scope (Describe what needs to be done in order to achieve the named objectives/deliverables)
• Investigate the significance of placement in determining how an auditing component would be deployed in a cloud architecture
• Enhancing and developing new compliance extensions for SLAs
• Creation and storage of auditing logs and
• Configuration and maintenance of audit trails
Out of Scope (Describe what kind of tasks are not part of this project which are somehow related however.)
• Weighting the accuracy and relevance of events using Argumentation Theory
• Optimisation of SLA conditions in circumstances of conflicting requirements
19. Logging Architecture
Data Storage
Meet the requirements
►Scalability
►Distributed storage
►Dynamically extensible
►Reliability
►Usage of RAID possible
►Event based
►Loose coupling of ESB and Storage
►Self auditing
►Report database access
Editor's Notes
Virtualization: Dynamic, Multi-tenancy
Cloud Computing: Scalable, Federated, Cross-jurisdictional, Pay-per-use
Business as a collection of services: Granular