ABSTRACT
Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. Analyzing various logs (e.g., process logs, network logs) plays a vital role in computer forensics. Unfortunately, collecting logs from a cloud is very hard given the black-box nature of clouds and the multi-tenant cloud models, where many users share the same processing and network resources. Researchers have proposed using a log API or a cloud management console to mitigate the challenges of collecting logs from cloud infrastructure. However, there has been no concrete work that shows how to provide cloud logs to investigators while preserving users' privacy and the integrity of the logs. In this paper, we introduce Secure-Logging-as-a-Service (SecLaaS), which stores virtual machines' logs and provides access to forensic investigators while ensuring the confidentiality of the cloud users. Additionally, SecLaaS preserves proofs of past logs and thus protects the integrity of the logs from dishonest investigators or cloud providers. Finally, we evaluate the feasibility of the scheme by implementing SecLaaS for network access logs in OpenStack, a popular open source cloud platform.