Simultaneously Supporting Privacy and Auditing in Cloud Computing Systems

Abstract

Over the last few years, cloud services have been steadily gaining traction in their use by commercial and noncommercial entities. As more and more sensitive or valuable processes, business functions and data move into the cloud, the need to improve threat identification and response, via auditing cloud transactions, increases. At the same time, the need for cloud users to protect the security and privacy of their resources has also intensified. In this paper, the problem of simultaneously supporting privacy and auditing in cloud systems is studied. Specifically, the paper discusses the guiding principles, fundamental concepts, and threat models for current cloud computing systems. Finally, we propose infrastructure that exploits a novel thin layer between the client and the cloud service provider to ensure that data storage, operation, and auditing does not reveal sensitive client information.