TITLE:
Extending Auditing Models to Correspond with Clients’ Needs in Cloud Environments
AUTHORS:
Rizik M. H. Al-Sayyed, Esam Y. Al-Nsour, Laith M. Al-Omari
KEYWORDS:
Auditing, Public Audibility, Dynamic Data Auditing, Spatial Control, Temporal Control, Logging Data, Contractual Obligations
JOURNAL NAME:
International Journal of Communications, Network and System Sciences,
Vol.9 No.9,
September
14,
2016
ABSTRACT: The user control over the life cycle of
data is of an extreme importance in clouds in order to determine whether the
serviceprovider adheres to the client’s pre-specified needs in the
contract between them or not, significant clients concerns raise on some
aspects like social, location and the laws to which the data are subject to.
The problem is even magnified more with the lack of transparency by Cloud
Service Providers (CSPs). Auditing and compliance enforcement introduce
different set of challenges in cloud computing that are not yet resolved. In
this paper, a conducted questionnaire showed that the data owners have real
concerns about not just the secrecy and integrity of their data in cloud
environment, but also for spatial, temporal, and legal issues related to their
data especially for sensitive or personal data. The questionnaire results show
the importance for the data owners to address mainly three major issues: Their
ability to continue the work, the secrecy and integrity of their data, and the
spatial, legal, temporal constraints related to their data. Although a good
volume of work was dedicated for auditing in the literature, only little work
was dedicated to the fulfillment of the contractual obligations of the CSPs.
The paper contributes to knowledge by proposing an extension to the auditing
models to include the fulfillment of contractual obligations aspects beside the
important aspects of secrecy and integrity of client’s data.