finish auditing section and security

honours-project.tex

@@ -785,16 +785,20 @@ \subsubsection{Denial of Service Protection}
 
 \subsubsection{Third Party Audit}
 
+Having a third party perform an audit of the CSP and CSU's infrastructure, balances, and controls can relieve the concerns of privacy, data integrity, availability, and confidentiality. Having a third party audit removes the bias and conflict of interest that could be encountered if a CSP or CSU were to perform the audit themselves \cite{liu2015survey}.
 
+Auditing can also verify that the CSP is adhering to their SLA by testing for availability and privacy. One of the primary focuses is verifying that data in transit and at rest keeps its integrity.
 
+Auditing of employees should also be taken into consideration especially if they have privileged access to customer data. This can reduce malicious insiders.
 
+Third party auditors can verify the integrity of data through mechanisms such as message authentication codes (MAC) when data is encrypted by a CSU, CSP, or a third party. This method allows third party auditors to check for integrity and authenticity of files by comparing the files stored in the cloud with the source files \cite{wang2010toward}.
 
 
 
 % encryption, access control, third-party audit, isolation, TPM, trust, DoS protection, malicious insiders
 
 
-\cite{liu2015survey,kazim2015survey,kalpana2015brief}
+% \cite{liu2015survey,kazim2015survey,kalpana2015brief}
 
 
 

research.bib

@@ -1156,3 +1156,13 @@ @inproceedings{bakshi2010securing
   year={2010},
   organization={IEEE}
 }
+
+@article{wang2010toward,
+  title={Toward publicly auditable secure cloud data storage services.},
+  author={Wang, Cong and Ren, Kui and Lou, Wenjing and Li, Jin},
+  journal={IEEE network},
+  volume={24},
+  number={4},
+  pages={19--24},
+  year={2010}
+}