A Tiered Strategy for Auditing in the Cloud (R. Xie & R. Gamble) was part of the work-in-progress presentations at IEEE CLOUD 2012. This work documented initial scoping rules for audit assets formed within the cloud. An example compilation process showed how the audit assets can be filtered and combined within and across scopes to provide specific perspectives of audit trails to detect temporal behaviors related to attack patterns. The work initiated discussion on the accumulation and use of audit asset from foreign clouds as part of a federation, tying into the SecAgreement work to establish expectations of cloud responses as part of an SLA. Work to combine these two areas has begun.
Dr. Gamble presented papers at the IEEE Int’l Conference on Web Services (ICWS) , IEEE CLOUD 2012, and IEEE SERVICES 2012, all co-located in Honolulu, HI, where the new IEEE Cloud Initiative was launched. The three papers from SEAT are all part of research in making web services security-aware and building a calculus to verify their security compliance.
The conferences were a great medium for idea exchange and collaboration, and we are looking forward to the next phase of research to incorporate the feedback we received from the presentations! We’ll be posting some information on each paper and conference shortly