Publication details

Home Publications Publication details

Sun Behind Clouds - On Automatic Cloud Security Audits and a Cloud Audit Policy Language
Doelitzscher F, Rübsamen T, Karbe T, Reich C, Knahl MH, Clarke NL
International Journal on Advances in Networks and Services, vol 6 no 1 & 2, ISSN: 1942-2644, pp1-16, 2013
Links:  External link available

Studies show that when it comes to an integration
of Cloud computing into enterprises, chief information officers
and management still see some dark Clouds on the horizon.
The biggest one is the lack of security, which results in distrust
and skepticism against the technology, mainly originating from
an intransparency of Cloud environments. To increase this
transparency, the Cloud Research Lab at Furtwangen University
develops the Security Audit as a Service (SAaaS) architecture for
Infrastructure as a Service Cloud environments. It is targeted to
ensure that a desired security level is reached and maintained
within a frequently changing Cloud infrastructure. Despite a
traditional security audit, which includes a comprehensive and
therefore time-consuming security check of a whole infrastructure,
a Cloud security audit needs to be lightweight enough
to be executed right after an infrastructure change occurred,
and precisely target-oriented to perform an audit of the specific
infrastructure components affected by this change. This is called
a concurrent security audit. In this paper, a Cloud audit policy
language for the SAaaS architecture gets presented. First, the
design and implementation of the automated audit system of virtual
machine images, which ensures legal and company policies,
is described. Second, on-demand deployed software audit agents
that maintain and validate the security compliance of running
Cloud services, are discussed.

Doelitzscher F, Rübsamen T, Karbe T, Reich C, Knahl MH, Clarke NL