Security Audit as a Service (SAaaS) is a project funded by the German Federal Ministry of Education and Research (BMBF) that investigates how cloud infrastructure audits can strengthen trust in cloud environments.

SAaaS is based on a cloud intrusion detection system with distributed agents that are deployed at key logical points of a cloud infrastructure (e.g. VMs, VM hosts, cloud management) and monitor incidents. An event can be anything that can be described, such as a single successful login, a series of unsuccessful login attempts, network connections between VMs or increasing CPU consumption of a particular VM. When an agent identifies such an occurrence, it generates an event that is fed to a complex event processing engine, which derives the security status of the cloud. In this way, distributed attacks on a cloud computing environment or the misuse of cloud resources are detected at an early stage.
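
As an added illustration (not SAaaS project code), the sketch below shows how a central engine can correlate simple agent events into a complex event that no single agent would see: failed logins for one account spread across several VMs. The event fields, rule names, 60-second window, threshold of 5 and the GREEN/YELLOW/RED status labels are assumptions made for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: float    # seconds since start of the (constructed) capture
    source: str  # VM whose agent reported the event
    kind: str    # "login_failed" or "login_ok" (assumed event names)
    user: str

class Correlator:
    """Sliding-window correlation of simple agent events into complex events."""
    def __init__(self, window=60.0, threshold=5):
        self.window, self.threshold = window, threshold
        self.failures = defaultdict(deque)  # user -> (ts, source) of recent failures

    def feed(self, ev):
        q = self.failures[ev.user]
        while q and ev.ts - q[0][0] > self.window:  # drop failures outside the window
            q.popleft()
        if ev.kind == "login_failed":
            q.append((ev.ts, ev.source))
            if len(q) == self.threshold:
                sources = sorted({s for _, s in q})
                rule = "distributed_bruteforce" if len(sources) > 1 else "bruteforce"
                return [(rule, ev.user, sources)]
        elif ev.kind == "login_ok" and len(q) >= self.threshold:
            q.clear()
            return [("login_after_bruteforce", ev.user, [ev.source])]
        return []

def security_status(events, window=60.0, threshold=5):
    """Replay events in time order; return (status, complex events)."""
    engine = Correlator(window, threshold)
    alerts = [a for ev in sorted(events, key=lambda e: e.ts) for a in engine.feed(ev)]
    if any(rule == "login_after_bruteforce" for rule, _, _ in alerts):
        return "RED", alerts
    return ("YELLOW" if alerts else "GREEN"), alerts

# Constructed sample: five failed "admin" logins spread over three VMs, then a success.
SAMPLE = [
    Event(0, "vm-1", "login_failed", "admin"), Event(5, "vm-1", "login_ok", "alice"),
    Event(10, "vm-2", "login_failed", "admin"), Event(20, "vm-3", "login_failed", "admin"),
    Event(30, "vm-1", "login_failed", "admin"), Event(40, "vm-2", "login_failed", "admin"),
    Event(50, "vm-2", "login_ok", "admin"), Event(100, "vm-3", "login_failed", "alice"),
]

if __name__ == "__main__":
    print(security_status(SAMPLE))
    # The view of a single VM's agent alone stays below the threshold.
    print(security_status([e for e in SAMPLE if e.source == "vm-1"]))
```

Replaying only the events of one VM yields no complex event, which is the case for feeding all agents into one engine.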

SAaaS Use Cases

The Security Audit as a Service Infrastructure aims to support the following use cases:

  • A) Automated security audit of a customer IT infrastructure
    This service can be used on demand and targets an infrastructure that is not necessarily running in a cloud computing environment. Using an available toolbox, a customer can schedule security audits of its IT infrastructure. Tools such as a vulnerability scanner for all internet-exposed systems are possible and can be scheduled to run repeatedly. Results are prepared in a user-friendly way as a security audit report.
  • B) Audit and monitoring of cloud instances
    Cloud users run specially monitored cloud instances, i.e. virtual machines (VMs), within a provider's cloud infrastructure. Monitoring is done via audit agents positioned within a customer's VMs as well as in the provider's cloud infrastructure. The user defines Security Service Level Agreements (SSLAs) that specify what to monitor and how to alert when the system deviates from the defined behaviour.
  • C) Cloud infrastructure audit and monitoring
    A Security Audit Service is used by the cloud provider as well as by a third party (e.g. a security service provider) to audit and monitor the cloud infrastructure. Results of external security audits, such as penetration test results for the cloud management infrastructure, combined with internal information from a centralized cloud Security Audit Service, create a comprehensive view of the security status.

