Main Article Content
Let us start by considering that there is a public pool of computer resources, these resources are made available as and when required i.e., are offered on-demand to the users. This is Cloud Computing in its simplest and most basic form. The different cloud services being offered can be categorized as application as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS). The requirements of a cloud user fall under any of these services and accordingly can be offered to the cloud user.
In current times, there is lot of interest in cloud computing as well as in its adoption. But the cloud users are fearful of losing the power and governance due to lack of transparency, accountability and confidence in the cloud. To improve the trust of cloud users, the cloud can be audited and verified against cloud user’s security properties. This helps in instilling a sense of faith in cloud users that their security properties are respected in the cloud. The cloud presents several problems in collection of data and processing due to the irregularity of information architecture and the lack of correlation. Furthermore, on one hand the size of cloud is humongous and on the other hand there is continuous or runtime need of validation, hence the verification of security properties becomes a difficult task.
Still, lot of work is happening in cloud security auditing. In this paper, we will try to review and summarize some of the recent work done in this area.
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.