Third-Party Auditor (TPA): A Potential Solution for Securing a Cloud Environment

Syed Rizvi, Abdul Razaque, Katie Cover

Research output: Chapter in Book/Report/Conference proceedingConference contribution

22 Scopus citations

Abstract

The confidentiality and verification of customer's data at the cloud service provider (CSP) side becomes a critical issue in terms of both reliability (i.e., the trust aspect) and efficiency (i.e., the ease of performing such verifications). As data owners no longer physically possess their data storage, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In such a scenario, the use of a third-party auditor (TPA) provides both efficiency, transparency, and the fairness in performing the required auditing tasks as well as it serves as a bridge between the cloud service users (CSUs) and the CSPs. Thus, for practical use, it seems more rational to equip the verification capabilities with public auditability, which is expected to play a more important role in achieving economies of scale for cloud computing. Although the use of TPA provides several advantages, the fact that TPA is an untrusted entity and it can turn into a malicious user or promote insider threats cannot be ignored. Thus, for a complete realistic security solution where CSUs achieve maximum cloud benefits at minimum computational cost, the auditing of TPA is required. In this paper, we develop an auditing method for CSUs/CSPs to ensure the integrity of the TPA and minimize the possibility of insider threats or malicious activities. The integrity of TPA will be verified using the time-released session keys and the service level agreement (SLA).

Original languageEnglish (US)
Title of host publicationProceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015
EditorsTao Zhang, Sajal K. Das, Tao Zhang, Meikang Qiu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages31-36
Number of pages6
ISBN (Electronic)9781467392990
DOIs
StatePublished - Jan 4 2016
Event2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - New York, United States
Duration: Nov 3 2015Nov 5 2015

Publication series

NameProceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015

Other

Other2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015
Country/TerritoryUnited States
CityNew York
Period11/3/1511/5/15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Third-Party Auditor (TPA): A Potential Solution for Securing a Cloud Environment'. Together they form a unique fingerprint.

Cite this