Survey paper on different Cloud Auditing Systems

Let us start by considering that there is a public pool of computer resources, these resources are made available as and when required i.e., are offered on-demand to the users. This is Cloud Computing in its simplest and most basic form. The different cloud services being offered can be categorized as application as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS). The requirements of a cloud user fall under any of these services and accordingly can be offered to the cloud user.

In current times, there is lot of interest in cloud computing as well as in its adoption. But the cloud users are fearful of losing the power and governance due to lack of transparency, accountability and confidence in the cloud. To improve the trust of cloud users, the cloud can be audited and verified against cloud user’s security properties. This helps in instilling a sense of faith in cloud users that their security properties are respected in the cloud. The cloud presents several problems in collection of data and processing due to the irregularity of information architecture and the lack of correlation. Furthermore, on one hand the size of cloud is humongous and on the other hand there is continuous or runtime need of validation, hence the verification of security properties becomes a difficult task.

Still, lot of work is happening in cloud security auditing. In this paper, we will try to review and summarize some of the recent work done in this area.