Professional Documents
Culture Documents
Abstract:
Cloud service certifications (CSC) attempt to assure a high level of security and compliance.
However, considering that cloud services are part of an ever-changing environment, multi-year validity periods
may put in doubt reliability of such certifications. We argue that continuous auditing (CA) of selected
certification criteria is required to assure continuously reliable and secure cloud services, and thereby increase
trustworthiness of certifications. CA of cloud services is still in its infancy, thus, we conducted a thorough
literature review, interviews, and workshops with practitioners to conceptualize architecture for continuous
cloud service auditing. Our study shows that various criteria should be continuously audited. Yet, we reveal
that most of existing methodologies are not applicable for third party auditing purposes. Therefore, we propose
a conceptual CA architecture, and highlight important components and processes that have to be implemented.
Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of continuous cloud
service auditing. We contribute to knowledge and practice by providing applicable internal and third party
auditing methodologies for auditors and providers, linked together in a conceptual architecture. Further on, we
provide groundings for future research to implement CA in cloud service contexts
.
control layers [8], which help to monitor and and legal compliance of cloud services.
audit information systems. However, past Recent research suggests that CA is required
research has mostly examined CA for to deal with the ever-changing environment
internal purposes only. In the context of CC, of cloud services and to in-crease
researchers recently proposed the means to trustworthiness of CSC [6, 16, 17].
enable third party authorities to audit data Continuous auditing is defined as a
integrity [9], data location compliance [10], methodology that enables independent
and changes of cloud infrastructure [11] auditors to provide written assurance on a
among others. Aside from these special subject matter, using a series of auditors’
purpose methodologies, re-search currently reports issued virtually simultaneously with,
lacks a comprehensive architecture, enabling or a short period of time after, the
third party auditors to continuously audit a occurrence of events underlying the subject
broad variety of CSC criteria. matter [18]. Thus, CA enables auditors to
immediately re-act to changes or events
2. LITERATURE SURVEY concerning the subject matter and to adjust
Cloud computing enables ubiquitous, their auditing reports based on assessment of
on-demand net-work access to a shared pool these changes and events.
of configurable computing re-sources that
can be rapidly provisioned and released with Disadvantages of existing System
minimal management effort or service 1. Long validity periods may put in
provider interaction [13]. These resources doubt reliability of issued
refer, for instance, to hardware, development certifications.
platforms, and applications. CC entails five 2. Data Integrity.
essential characteristics, that are: provision 3. Proposed System
of (i) on-demand self-service access to (ii) In MultiCloud environment, remote
virtualized, shared, and managed IT data integrity checking is required to secure
resources that are (iii) scalable on-demand, user’s data. User will upload file to Cloud.
(iv) available over a network, and (v) priced This file is split into blocks using Dynamic
on a pay-per-use basis. These characteristics Block generation Algorithm and stored in a
challenge current assessment processes [6]. Multi Cloud environment. File Allocation
Therefrom, CC faces a broad range of Table (FAT) File System has proper
security issues, including accessibility Indexing and Metadata’s for the different
vulnerabilities, privacy, and control issues as Chunks of the Cloud Storage.Herethe
well as issues related to data integrity and auditor agrees to inspect logs, which are
data confidentiality [1].Extant research routinely created during monitoring
already proposes certifications and audits as operations by services providers to assess
detective controls and good means to assess certification adherence.If Attacker corrupts
quality and performance of IT services in data in MultiCloud, the continuous auditing
procurement processes [2, 4, 14]. A process helps the verifier to perform Block
certification is defined as a third party level and File level checking for remote data
attestation of products, processes, systems, Integrity Checking using Verifiable Data
or persons that verifies conformity to Integrity Checking Algorithm. Cloud
specified criteria [15]. Several CSC (e.g., provides random blocks to Verifier for
CSA STAR) and cloud certification schemes Integrity Checking which is to protect user
in particular (e.g., ISO 27017) have emerged privacy from Verifier (Third Party). File
to assure a high level of security, reliability, recovery is done by the Verifier
automatically if the data gets corrupted time will be set by the admin for Data
during checking. Users can complaint cloud Integrity checking process.
for file recovery.
Data Upload and Block Split
User has an initial level Registration
Process at the web end. The users provide
their own personal information for this
process. The server in turn stores the
information in its database. After
Registration, user can upload files to the
server. Uploaded files will be stored in a
Server. When the user upload the data to
different cloud by the time it is split into
different blocks using dynamic block
generation Algorithm and each block will be
appended with Signatures before storing the
data in FATFS. Signature generated using
MD5 Algorithm. Also the data gets encoded
using for Base64 Algorithm.
4. RESULTS
Fig.5 Certificate generation
The proposed system is implemented in
java. Frist we need to register with the user 5.CONCLUSION AND FUTURE
details as shown in the figure Fig.2. ENHANCEMENT