<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">IJCNS</journal-id><journal-title-group><journal-title>International Journal of Communications, Network and System Sciences</journal-title></journal-title-group><issn pub-type="epub">1913-3715</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/ijcns.2016.99031</article-id><article-id pub-id-type="publisher-id">IJCNS-70587</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Computer Science&amp;Communications</subject></subj-group></article-categories><title-group><article-title>
 
 
  Extending Auditing Models to Correspond with Clients’ Needs in Cloud Environments
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Rizik</surname><given-names>M. H. Al-Sayyed</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Esam</surname><given-names>Y. Al-Nsour</given-names></name><xref ref-type="aff" rid="aff2"><sup>2</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Laith</surname><given-names>M. Al-Omari</given-names></name><xref ref-type="aff" rid="aff3"><sup>3</sup></xref></contrib></contrib-group><aff id="aff3"><addr-line>Department of Computer Information Systems, King Abdullah II School for Information Technology, The University of Jordan,
Amman, Jordan</addr-line></aff><aff id="aff2"><addr-line>Department of Computer Science, King Abdullah II School for Information Technology, The University of Jordan, Amman, Jordan</addr-line></aff><aff id="aff1"><addr-line>Department of Business Information Technology, King Abdullah II School for Information Technology, The University of Jordan,
Amman, Jordan</addr-line></aff><pub-date pub-type="epub"><day>14</day><month>09</month><year>2016</year></pub-date><volume>09</volume><issue>09</issue><fpage>347</fpage><lpage>360</lpage><history><date date-type="received"><day>July</day>	<month>29,</month>	<year>2016</year></date><date date-type="rev-recd"><day>Accepted:</day>	<month>September</month>	<year>11,</year>	</date><date date-type="accepted"><day>September</day>	<month>14,</month>	<year>2016</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  The user control over the life cycle of data is of an extreme importance in clouds in order to determine whether the service provider adheres to the client’s pre-specified needs in the contract between them or not, significant clients concerns raise on some aspects like social, location and the laws to which the data are subject to. The problem is even magnified more with the lack of transparency by Cloud Service Providers (CSPs). Auditing and compliance enforcement introduce different set of challenges in cloud computing that are not yet resolved. In this paper, a conducted questionnaire showed that the data owners have real concerns about not just the secrecy and integrity of their data in cloud environment, but also for spatial, temporal, and legal issues related to their data especially for sensitive or personal data. The questionnaire results show the importance for the data owners to address mainly three major issues: Their ability to continue the work, the secrecy and integrity of their data, and the spatial, legal, temporal constraints related to their data. Although a good volume of work was dedicated for auditing in the literature, only little work was dedicated to the fulfillment of the contractual obligations of the CSPs. The paper contributes to knowledge by proposing an extension to the auditing models to include the fulfillment of contractual obligations aspects beside the important aspects of secrecy and integrity of client’s data.
 
</p></abstract><kwd-group><kwd>Auditing</kwd><kwd> Public Audibility</kwd><kwd> Dynamic Data Auditing</kwd><kwd> Spatial Control</kwd><kwd>  Temporal Control</kwd><kwd> Logging Data</kwd><kwd> Contractual Obligations</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>Data outsourcing is economically attractive; however, data security, integrity, availability and many other concerns are elements or factors limiting the adoption of data outsourcing by potential users [<xref ref-type="bibr" rid="scirp.70587-ref1">1</xref>] . Many of these factors such as the data secrecy and availability were addressed in the field literature for long time. In addition, the emerging era of cloud computing imposes new challenges such as data monitoring [<xref ref-type="bibr" rid="scirp.70587-ref2">2</xref>] . Data monitoring could be based on real-time “intrusion detection” or on logging and offline auditing [<xref ref-type="bibr" rid="scirp.70587-ref3">3</xref>] . Many aspects of data outsourcing concerns in the cloud were addressed by researchers such as secrecy [<xref ref-type="bibr" rid="scirp.70587-ref4">4</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref5">5</xref>] , integrity [<xref ref-type="bibr" rid="scirp.70587-ref6">6</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref7">7</xref>] , availability [<xref ref-type="bibr" rid="scirp.70587-ref8">8</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref9">9</xref>] .</p><p>Data storage and manipulation outsourcing in clouds presents one of the biggest clients’ concerns, especially for confidential data, concerns caused by the lack of tra- nsparency and limited user control; new attack channels for malicious users can exist due to the clouds multitenancy in conjunction with Virtual Machine Monitor (VMM) vulnerabilities [<xref ref-type="bibr" rid="scirp.70587-ref9">9</xref>] . Data monitoring techniques normally end up with logs that record the activities performed on data over time, such logs are the source for information that enable the process of verification of different aspects of auditing. A data-centric approach for control and auditing that applies across application and service boundaries seems appropriate for the demonstration of compliance with data regulations, and to understand how information is manipulated or generated [<xref ref-type="bibr" rid="scirp.70587-ref10">10</xref>] .</p><p>Auditing is the systematic evaluation to measure the adherence of a system―such as a cloud service―to the established criteria and pre-specified set of policies imposed by the client on his/her data; auditor is the party that can conduct independent assessments of cloud services. The audit processes have to be highly regarded as it is the shor- test way to gain users’ trust and satisfaction. Standardization entities such as United States National Institute of Standards and Technology (NIST) have identified the protection of audit data integrity as one of the major concerns for the cloud technology [<xref ref-type="bibr" rid="scirp.70587-ref3">3</xref>] .</p><p>Maintaining audit data integrity and security is challenging; for example, the CSP may try to hide any trails leading to uncover their responsibility about actions led to data misuse, losses, or security breaches [<xref ref-type="bibr" rid="scirp.70587-ref15">15</xref>] . It is very hard for the ordinary users―in most of the cases―to identify the reasons for such incidents under such circumstances [<xref ref-type="bibr" rid="scirp.70587-ref10">10</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref11">11</xref>] . Therefore, a need for a frequent audit checking is needed to keep an eye on data, and to track the data movement to ensure only allowed flows exist [<xref ref-type="bibr" rid="scirp.70587-ref9">9</xref>] , and ensure that the CSPs meet the requirements of the policy being enforced on data [<xref ref-type="bibr" rid="scirp.70587-ref10">10</xref>] . There are no existing internal mechanisms for cloud services users to enforce policy or reliably demonstrate compliance of policies, law, and regulations [<xref ref-type="bibr" rid="scirp.70587-ref12">12</xref>] , furthermore, regarding the possibility of monitoring or audit, except for IBM and Microsoft Azure, service providers do not allow customers to hire a third party to perform such activities [<xref ref-type="bibr" rid="scirp.70587-ref13">13</xref>] .</p><p>Being able to identify the cause of a security breach and the path that has been followed by an attacker is much more difficult in cloud environment than other environments. In addition, a cloud provider may subcontract a third party for some resources or a hardware supplier of poor-quality storage devices that result in loss of data. Traditional investigation methods based on digital forensics cannot be extended to a cloud, since resources are shared among a large user population and the traces of events related to a security incident may be wiped out due to the high rate of write operations on any storage media.</p><p>The importance of contractual obligations between tenants and cloud providers related to outsourcing data storage and manipulation were addressed in the literature in the form of guiding notes and recommendations [<xref ref-type="bibr" rid="scirp.70587-ref13">13</xref>] - [<xref ref-type="bibr" rid="scirp.70587-ref17">17</xref>] . In [<xref ref-type="bibr" rid="scirp.70587-ref18">18</xref>] authors stated that although the CSPs provide security services to the clients’ data, there is a possibility of data leakage in cloud environment, users must make sure that the data moved into the cloud has not been leaked or modified by some unauthorized users, and to verify the security measures offered by the CSP.</p><p>The contractual terms between users and the CSPs make the user trust much worse; it usually places all responsibilities for data security on user’s side [<xref ref-type="bibr" rid="scirp.70587-ref3">3</xref>] . Maintaining copies of the data outside the cloud is often unfeasible due to the sheer volume of data. If the only copy of the data is stored on the cloud, sensitive data is permanently lost when cloud data replication fails and is followed by a storage media failure. Because some of the data often includes proprietary or sensitive data, access to such information by third parties could have severe consequences.</p><p>Close attention should be paid to both; the security of storage servers, and to data in transit. Data usually is kept in storage for extended periods of time and so the concerns of unauthorized access to confidential information and data theft are more higher when data is in storage than while it is being processed, data exposure to threats during processing is for relatively short periods of time.</p><p>The user control over the life cycle of data is also of an extreme importance. How can a user determine whether data that should have been deleted is actually deleted? Even if it was deleted, there is no guarantee that the media was wiped and the next media user is not able to recover any confidential data. The problem is magnified when the CSPs rely on seamless backups to prevent accidental data loss since it is done without users’ knowledge or approval. Such behavior may lead to data loss, accidental deletion, or data becomes accessible to an attacker.</p><p>In real world, two auditing schemes exist, private auditability and public auditability. In private auditability only the client or the data owner is allowed to check the different aspects of the stored data (i.e. secrecy, integrity, etc.), but it is not applicable for all clients and increases verification overhead of the user. Public auditability allows some entity privileged by the data owner to perform data verification check. This entity is called a Third Party Auditor (TPA). TPA has the expertise, capabilities, knowledge and professional skills that client normally does not have. TPAdoes frequent checks against data using different aspects and it reduces the client overhead; the client is no longer required to verify the integrity of the data at the server on his/her own. For data owners to have sufficient proficiency of trust; TPA may have only an encrypted format of the data, and are trusted by the data owner for auditing of the data and to ensure there is no data leakage and verify the compliance of the CSP with the contract.</p><p><xref ref-type="fig" rid="fig1">Figure 1</xref> [<xref ref-type="bibr" rid="scirp.70587-ref1">1</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref19">19</xref>] shows public auditing scheme, in which, cloud users (clients) use the cloud storage provided by the CSP to outsource storage of their data, a TPA entity trusted by the client is entitled to keep checking on user’s data periodically to verify data integrity. In the case of any unexpected results, both the client and the CSP are notified, a flow of security messages are exchanged between the three entities. In <xref ref-type="fig" rid="fig2">Figure 2</xref> [<xref ref-type="bibr" rid="scirp.70587-ref11">11</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref20">20</xref>] the public auditing scheme is extended to support public verification and dynamic data auditing, it also supports batch auditing in order to improve efficiency. To overcome data privacy issues, random mask technology is used to avoid TPA getting the client's data information knowledge on every verification process.</p><p>In [<xref ref-type="bibr" rid="scirp.70587-ref21">21</xref>] , authors proposed a solution where the cloud provider generates audit logs, by which the cloud tenant is able to monitor the enforcement of data location-related regulation. Audit logs confidentiality and integrity should be ensured together with trusted time stamping. Cloud customers should be able to access the logs of every action including VMs’ deployment; migrations; and shutdowns. The logs can also be used for the verification of the Cloud’s utilization.</p><p>In [<xref ref-type="bibr" rid="scirp.70587-ref22">22</xref>] , a software that is able to estimate the geolocation of itself, named VLOC, is introduced to verify the physical location of a VM on which the customer applications and data are stored. VLOC notifies users if the location is unauthorized. To get its</p><fig id="fig1"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref></label><caption><title> Public audibility in cloud data storage; source: [<xref ref-type="bibr" rid="scirp.70587-ref1">1</xref>] </title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/1-9702115x2.png"/></fig><fig id="fig2"  position="float"><label><xref ref-type="fig" rid="fig2">Figure 2</xref></label><caption><title> Public auditability in cloud data storage architecture which support dynamic data auditing; source: [<xref ref-type="bibr" rid="scirp.70587-ref11">11</xref>] </title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/1-9702115x3.png"/></fig><p>location, the software uses arbitrary web-servers as external landmarks, and employs network latency measurement for distance estimation. In the case of latency fluctuation, VLOC employs a machine learning technique in order to adapt.</p><p>Authors In [<xref ref-type="bibr" rid="scirp.70587-ref23">23</xref>] introduced a data driven usage control and provenance tracking approach, acts as a light-weight, transparent proxy between storage users and providers to enforce compliance constraints in cloud storage federation scenarios. The compliance constraints in their work were based on the enforcement of regulations, standards, and laws in cloud storage. Constraints were categorized into spatial, temporal, and qualitative restrictions on distribution and replication of data. The proxy intercepts all attempts to retrieve, store, or delete data from a cloud storage provider and forwards the corresponding events to the a policy decision point (PDP), which, based on previously deployed policies, decides on their execution and modification and finally sends its decision back to the proxy, the proxy then, based on the PDP’s decision, either executes, modifies, or drops the event. The problems with such design are the high overhead on the cloud infrastructure, the possible single point of failure, the required implementation of the proxy at the CSP side, and it does not address data tracking once it leaves the environment of the federation service. In addition, no audit logs are generated.</p><p>In [<xref ref-type="bibr" rid="scirp.70587-ref10">10</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref12">12</xref>] [<xref ref-type="bibr" rid="scirp.70587-ref24">24</xref>] , authors introduced Information Flow Audit, as an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control (IFC) policy both intramachine at the kernel level, and inter-machine on message exchange to provide datacentric audit logs. Combining a continuously enforced data-centric security mechanism with meaningful audit enables tenants and providers to both meet and demonstrate compliance with their data management obligations. They outlined how IFC can be enforced in the cloud and discussed how audit data can be collected as an intrinsic part of IFC.</p><p>Up to our best knowledge, only little work was considering the users’ concerns other than data security, integrity, and availability. Recent surveys on cloud computing security and auditing [<xref ref-type="bibr" rid="scirp.70587-ref25">25</xref>] - [<xref ref-type="bibr" rid="scirp.70587-ref28">28</xref>] didn’t cover the concerns we talk about here, namely; spatial, temporal, and legal concerns. Although a little work was dedicated to enforce compliance of CSPs with data location regulations using auditing, the demonstration of the compliance of cloud providers to their contractual obligations is not yet convincing and more research is needed [<xref ref-type="bibr" rid="scirp.70587-ref29">29</xref>] . We are proposing an extension to the auditing models to include such concerns in order to increase the trust of data owners in the cloud environment.</p><p>The rest of this paper is organized as follows: Section 2 covers data owners’ concerns limiting their adoption of clouds in their businesses, in the form of a questionnaire and discussion of results, the proposed extension to auditing models is presented in section 3, and finally; the conclusion along with future work direction is drawn in section 4.</p></sec>
<sec id="s2">
<title>2. Data Owners Concerns and Results Discussion</title>
<p>The cloud computing technology advantages are obvious; however, major challenges do exist such as the availability of services, data confidentiality, and auditability. Clouds in its different deployment and delivery models in Jordan are widely available along with good resources and infrastructure to support this technology, nevertheless, limited adoption among data owners. This limited adoption observation is common to both public and private sectors, but it is more obvious in the public sector.</p>
<p>In order to investigate data owners’ concerns which are limiting their adoption of clouds in their businesses, we have conducted a questionnaire with thirteen questions (appendix A). Questions were selected to cover the area of data storage and manipulation outsourcing since it is, in our opinion, the major concerns producing and affecting clouds’ area and adoption, such opinion were developed during multi discussions with groups of data owners in different sectors in Jordan. We intended to understand the reasons behind the major concerns limiting the shift towards the clouds, and how it can be tackled. The questionnaire also included questions for the data owners to express their additional important aspects related to the cloud environments.</p>
<p>The questioned sample was carefully chosen to represent: public sector, private sector, and the academic community. Total number of participants who answered the questionnaire is 23, all of them are from the information technology field, working with information systems of very large sizes, and have good background in cloud computing technologies. Persons from the academic field are researchers in the cloud computing technologies. It is worth saying that it wasn’t an easy task to find a big number of typical participants to answer the questionnaire in order to get useful feedback because; as we indicated above; we carefully selected participants with the above mentioned knowledge and hence the small number; 23.</p><p>As shown in Appendix A, the questionnaire is composed of thirteen questions: eleven “Yes/No” questions and two fill in the blank questions. The results of eleven “Yes/No” questions of the questionnaire are summarized in <xref ref-type="table" rid="table1">Table 1</xref>, while <xref ref-type="table" rid="table2">Table 2</xref> summarizes the two “fill in the blank” questions.</p>
<p><xref ref-type="table" rid="table1">Table 1</xref> represents the percentage results of the participants’ answers (see Appendix B) with Yes or No to a pre-specified list of concerns if they were to move their data to the cloud. The concerns list included legal, spatial, and temporal aspects of data outsourcing. Notice that <xref ref-type="table" rid="table1">Table 1</xref> shows participants’ concerns listed in descending order (highest Yes percentage to lowest Yes percentage). <xref ref-type="table" rid="table2">Table 2</xref> represents the recurrence of additional aspects or concerns as listed by the sample, which in their opinion may generate major concerns for a data owner when outsourcing data storage and manipulation (Q8 and Q9).</p><p>Results of the questionnaire showed that 100% of the sample believes that data outsourcing will generate major concerns (Q1); most of the concerns are directly related to data security, availability, and location. 91% of the sample believes that specifying a judiciary system and analyzing how information has flowed across the system are two major concerns (Q7 and Q11). Users’ ability to control their data, and the lack of CSPs’ transparency, were among the major concerns of data owners. About 83% of the sample believes that cloud multitenancy forms a new attach channel, it is important to</p></sec></body>
<back><ref-list><title>References</title><ref id="scirp.70587-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">Pardeshi, P.M. and Borade, D.R. (2015) Improving Data Integrity for Data Storage Security in Cloud Computing. International Journal of Computer Science and Network Security (IJCSNS), 15, 75.</mixed-citation></ref><ref id="scirp.70587-ref2"><label>2</label><mixed-citation publication-type="other" xlink:type="simple">Henze, M., Hummen, R. and Wehrle, K. (2013) The Cloud Needs Cross-Layer Data Handling Annotations. 2013 IEEE Security and Privacy Workshops (SPW), Washington DC, 23-24 May 2013, 18-22. http://dx.doi.org/10.1109/spw.2013.31</mixed-citation></ref><ref id="scirp.70587-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">Marinescu, D.C. (2013) Cloud Computing: Theory and Practice. Newnes.</mixed-citation></ref><ref id="scirp.70587-ref4"><label>4</label><mixed-citation publication-type="other" xlink:type="simple">Liu, C.-W., et al. (2016) A Survey of Attribute-Based Access Control with User Revocation in Cloud Data Storage. International Journal of Network Security, 18, 900-916.</mixed-citation></ref><ref id="scirp.70587-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">Kishore, N. and Sharma, S. (2016) Secured Data Migration from Enterprise to Cloud Storage–Analytical Survey. BVICAM’s International Journal of Information Technology, 8(1).</mixed-citation></ref><ref id="scirp.70587-ref6"><label>6</label><mixed-citation publication-type="other" xlink:type="simple">Kumar, D. and Karuppuchamy, V. (2016) Competent Demonstrable Data Possession for Integrity Verification in Multi-Cloud Storage. International Research Journal of Engineering and Technology (IRJET), 3, 464-468.</mixed-citation></ref><ref id="scirp.70587-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">Brandenburger, M., Cachin, C. and Knezevic, N. (2016) Securing Integrity and Consistency of a Cloud Storage Service with Efficient Client Operations. US Patent No. 20,160,048,703.</mixed-citation></ref><ref id="scirp.70587-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">Ghafghazi, H., et al. (2016) Secure Data Storage Structure and Privacy-Preserving Mobile Search Scheme for Public Safety Networks. arXiv preprint arXiv:1602.04493</mixed-citation></ref><ref id="scirp.70587-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">Wu, S., Li, K.C., Mao, B. and Liao, M. (2016) DAC: Improving Storage Availability with Deduplication-Assisted Cloud-of-Clouds. Future Generation Computer Systems.</mixed-citation></ref><ref id="scirp.70587-ref10"><label>10</label><mixed-citation publication-type="other" xlink:type="simple">Pasquier, T. and Eyers, D. (2016) Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. In IC2E International Workshop on Legal and Technical Issues in Cloud Computing (CLaw'16). IEEE.</mixed-citation></ref><ref id="scirp.70587-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">Hsien, W.-F., Yang, C.-C. and Hwang, M.-S. (2016) A Survey of Public Auditing for Secure Data Storage in Cloud Computing. International Journal of Network Security, 18, 133-142.</mixed-citation></ref><ref id="scirp.70587-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">Pasquier, T.F.M. and Powles, J.E. (2015, March) Expressing and Enforcing Location Requirements in the Cloud Using Information Flow Control. In Cloud Engineering (IC2E), 2015 IEEE International Conference on (pp. 410-415). IEEE.</mixed-citation></ref><ref id="scirp.70587-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">BrancoJr, T. and Santos, H. (2016, June) What Is Missing for Trust in the Cloud Computing? In Proceedings of the 2016 ACM SIGMIS Conference on Computers and People Research (pp. 27-28). ACM.</mixed-citation></ref><ref id="scirp.70587-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">Jain, S., Kumar, R., Kumawat, S. and Jangir, S.K. (2014) An Analysis of Security and Privacy Issues, Challenges with Possible Solution in Cloud Computing. In National Conference on Computational and Mathematical Sciences (COMPUTATIA-IV), Technically Sponsored By: ISITA and RAOPS, Jaipur.</mixed-citation></ref><ref id="scirp.70587-ref15"><label>15</label><mixed-citation publication-type="other" xlink:type="simple">Chen, Z. and Yoon, J. (2010, July) IT Auditing to Assure a Secure Cloud Computing. In 2010 6th World Congress on Services (pp. 253-259). IEEE.</mixed-citation></ref><ref id="scirp.70587-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">Zaigham, M. (2011) Data Location and Security Issues in Cloud Computing. International Conference on Emerging Intelligent Data and Web Technologies (EIDWT), Tirana, 7-9 September 2011, 49-54.</mixed-citation></ref><ref id="scirp.70587-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">Irfan, G., Rehman, A. and Islam, M.H. (2011) Cloud Computing Security Auditing. 2nd International Conference on Next Generation Information Technology (ICNIT), Gyeongju, 21-23 June 2011, 143-148.</mixed-citation></ref><ref id="scirp.70587-ref18"><label>18</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Golzardi</surname><given-names> E. </given-names></name>,<etal>et al</etal>. (<year>2015</year>)<article-title>Cloud Computing Security: A Survey</article-title><source> Journal of Information Sciences and Computing Technologies</source><volume> 5</volume>,<fpage> 377</fpage>-<lpage>385</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.70587-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">Deswarte, Y., Quisquater, J.J. and Sa&amp;iuml;dane, A. (2004) Remote Integrity Checking. In Integrity and Internal Control in Information Systems VI (pp. 1-11). Springer US.</mixed-citation></ref><ref id="scirp.70587-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">Wang, Q., Wang, C., Ren, K., Lou, W. and Li, J. (2011) Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing. IEEE Transactions on Parallel and Distributed Systems, 22, 847-859. http://dx.doi.org/10.1109/TPDS.2010.183</mixed-citation></ref><ref id="scirp.70587-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">Massonet, P., Naqvi, S., Ponsard, C., Latanicki, J., Rochwerger, B. and Villari, M. (2011, May) A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures. In Parallel and Distributed Processing Workshops and Phd Forum (IPDPSW), 2011 IEEE International Symposium on (pp. 1510-1517). IEEE.</mixed-citation></ref><ref id="scirp.70587-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">Eskandari, M., De Oliveira, A.S. and Crispo, B. (2014) VLOC: An Approach to Verify the Physical Location of a Virtual Machine Cloud. 6th International Conference on Cloud Computing Technology and Science (Cloud Com), Singapore, 15-18 December 2014, 86-94. http://dx.doi.org/10.1109/cloudcom.2014.47</mixed-citation></ref><ref id="scirp.70587-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">Wüchner, T., Müller, S. and Fischer, R. (2013, December) Compliance-Preserving Cloud Storage Federation Based on Data-Driven Usage Control. In Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on (Vol. 2, pp. 285-288). IEEE.</mixed-citation></ref><ref id="scirp.70587-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">Pasquier, T., Singh, J., Bacon, J. and Eyers, D. (2016) Information Flow Audit for PaaS Clouds. International Conference on Cloud Engineering (IC2E), Berlin, 4-8 April 2016, 81-88. http://dx.doi.org/10.1109/ic2e.2016.19</mixed-citation></ref><ref id="scirp.70587-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">Tan, Y.S., Ko, R.K.L. and Holmes, G. (2013) Security and Data Accountability in Distributed Systems: A Provenance Survey. 10th International Conference on High Performance Computing and Communications &amp; 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC_EUC), Zhangjiajie, 13-15 November 2013, 1571-1578.</mixed-citation></ref><ref id="scirp.70587-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">Meena, K. and Gomathy, M. (2016) study on Security Frameworks and Data Protection Techniques for Public Cloud Environment. APPN Journal of Engineering and Applied Sciences, 11, 5933-5939.</mixed-citation></ref><ref id="scirp.70587-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">Khan, M.A. (2016) A Survey of Security Issues for Cloud Computing. Journal of Network and Computer Applications, 71, 11-29. http://dx.doi.org/10.1016/j.jnca.2016.05.010</mixed-citation></ref><ref id="scirp.70587-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">Brindha, T. and Shaji, R.S. (2015) An Analysis of Data Leakage and Prevention Techniques in Cloud Environment. 2015 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), Noorul Islam University, 18-19 December 2015, 350-355.</mixed-citation></ref><ref id="scirp.70587-ref29"><label>29</label><mixed-citation publication-type="other" xlink:type="simple">Singh, J., Pasquier, T., Bacon, J., Ko, H. and Eyers, D. (2016) Twenty Security Considerations for Cloud-Supported Internet of Things. IEEE Internet of Things Journal, 3, 269-284.  
http://dx.doi.org/10.1109/JIOT.2015.2460333</mixed-citation></ref></ref-list></back></article>