Conceptual Architecture of Dynamic Certifications (Konzeptionelle Architektur von dynamischen Zertifizierungen)

  • Chapter
Management sicherer Cloud-Services

Abstract

Existing methods for the continuous monitoring or auditing of cloud services are not directly applicable in the context of dynamic certification. In particular, there is currently no comprehensive architecture that covers the complete process of dynamic certification. We address this gap by presenting a conceptual architecture for the dynamic certification of cloud services that comprises the main components, methods and processes, and that takes into account the requirements and needs of the most important stakeholders. Finally, we discuss possible challenges in implementing the proposed architecture.

Most existing methodologies for continuously monitoring and auditing cloud services are not applicable for third-party certification purposes. Therefore, we propose a conceptual architecture for the dynamic certification of cloud services and highlight important components and processes that have to be implemented. Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of dynamic cloud service certification.

Correspondence to Sebastian Lins.

© 2018 Springer Fachmedien Wiesbaden GmbH

About this chapter

Cite this chapter

Lins, S., Sunyaev, A. (2018). Konzeptionelle Architektur von dynamischen Zertifizierungen. In: Krcmar, H., Eckert, C., Roßnagel, A., Sunyaev, A., Wiesche, M. (eds) Management sicherer Cloud-Services. Springer Gabler, Wiesbaden. https://doi.org/10.1007/978-3-658-19579-3_11

  • DOI: https://doi.org/10.1007/978-3-658-19579-3_11

  • Publisher Name: Springer Gabler, Wiesbaden

  • Print ISBN: 978-3-658-19578-6

  • Online ISBN: 978-3-658-19579-3

  • eBook Packages: Business and Economics (German Language)
