DOI: 10.1145/2484313.2484342
research-article

SecLaaS: secure logging-as-a-service for cloud forensics

Published: 08 May 2013

ABSTRACT

Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. Analyzing various logs (e.g., process logs, network logs) plays a vital role in computer forensics. Unfortunately, collecting logs from a cloud is very hard given the black-box nature of clouds and the multi-tenant cloud models, where many users share the same processing and network resources. Researchers have proposed using a log API or a cloud management console to mitigate the challenges of collecting logs from cloud infrastructure. However, there has been no concrete work that shows how to provide cloud logs to investigators while preserving users' privacy and the integrity of the logs. In this paper, we introduce Secure-Logging-as-a-Service (SecLaaS), which stores virtual machines' logs and provides access to forensic investigators while ensuring the confidentiality of the cloud users. Additionally, SecLaaS preserves proofs of past logs and thus protects the integrity of the logs from dishonest investigators or cloud providers. Finally, we evaluate the feasibility of the scheme by implementing SecLaaS for network access logs in OpenStack, a popular open source cloud platform.

Published in

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
May 2013
574 pages
ISBN: 9781450317672
DOI: 10.1145/2484313

Copyright © 2013 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

ASIA CCS '13 Paper Acceptance Rate: 35 of 216 submissions, 16%
Overall Acceptance Rate: 418 of 2,322 submissions, 18%
