research-article

Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS

Authors:
David Freet

Eastern Kentucky University, Richmond, KY

Eastern Kentucky University, Richmond, KY
View Profile

,
Rajeev Agrawal

North Carolina A&T State University, Greensboro, NC

North Carolina A&T State University, Greensboro, NC
View Profile

,
Sherin John

North Carolina A&T State University, Greensboro, NC

North Carolina A&T State University, Greensboro, NC
View Profile

,
Jessie J. Walker

University of Arkansas at Pine Bluff, Pine Bluff, AR

University of Arkansas at Pine Bluff, Pine Bluff, AR
View Profile

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystemsOctober 2015Pages 148–155https://doi.org/10.1145/2857218.2857253

Published:25 October 2015Publication History

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

Pages 148–155

ABSTRACT

Cloud computing is a promising and expanding technology which could replace traditional IT systems. Cloud computing resembles a giant pool of resources which contains hardware, software and related applications, which can be accessed through web-based services on a pay-per-usage model. The main features of the cloud model are accessibility, availability and scalability, and it can be subdivided into three service models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud computing continues to transform how security challenges are addressed in closed and private networks. Given the advanced functionality offered by cloud computing, network monitoring and digital forensics efforts are potentially detectable and service-interruptive, which significantly impacts the effectiveness and thoroughness of digital forensic methods. This paper presents a general view of cloud computing, which aims to highlight the security issues and vulnerabilities associated with cloud service models. The technology is mainly based on virtualization, where data is always volatile and typically stored in a de-centralized architecture located across various countries and regions. This presents forensics investigators with legal challenges, due to the nature of multi-tenancy and distributed shared resources. This paper examines the three cloud service models and discusses the security challenges and issues involved with each service model along with potential solutions for each.

References

Market Research Media, 2012. Global cloud computing market forecast 2015--2020. Retrieved from: http://www.marketresearchmedia.com/2012/01/08/global-cloud-computing-market/Google Scholar
Zawoad, S., and Hasan, R. 2013. Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems. Masters Thesis. University of Alabama at Birmingham Birmingham, Alabama.Google Scholar
Talbot, Chris (May 1, 2014). Talkin' Bitglass Report: Security Concerns Limit Cloud Adoption. Retrieved from: http://talkincloud.com/cloud-computing-research/050114/bitglass-report-security-concerns-limit-cloud-adoptionGoogle Scholar
Shetty, Sony. 2013. Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by 2016. (October 2013) Retrieved December 12, 2013 from http://www.gartner.com/newsroom/id/2613015.Google Scholar
D. Reilly, C. Wren, and T. Berry, "Cloud computing: Pros and cons for computer forensic investigations," International Journal Multimedia and Image Processing (IJMIP), vol. 1, no. 1, pp. 26--34, 2011Google ScholarCross Ref
P. Mell, and T. Grance, "The NIST definition of cloud computing," 2011.Google Scholar
Jackson, C., Agrawal R., Walker, J. & Grosky, W. 2014. Scenario-based Design for a cloud Forensics Portal. In Proceedings of the IEEE International Symposium on Technologies for Homeland Security, Waltham, MA, USA.Google Scholar
Brodkin, J. (2008). Gartner: Seven cloud-computing security risks. Infoworld, 2008, 1--3.Google Scholar
Zawoad, S., Dutta, A. K., & Hasan, R. (2013, May). SecLaaS: secure logging-as-a-service for cloud forensics. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 219--230). ACM. Google ScholarDigital Library
Ruan, K., Baggili, I., Carthy, J., Kechadi, T. 2011. Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis. ADFSL Conference on Digital Forensics, Security and Law.Google Scholar
Paul, A., Anvekar, K, M., Rishil, J., and Chandra, S, K. 2012. Cyber Forensics in Cloud Computing. Master Thesis. Department of Computer Science and Engineering, NITK, Surathkal, IndiaGoogle Scholar
Birk, D. and Wegener, C. 2011. Technical Issues of Forensic Investigations in Cloud Computing Environments. Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop, (May 2011), 26--26. Google ScholarDigital Library
Sang, T. (2013, January). A log based approach to make digital forensics easier on cloud computing. In Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on (pp. 91--94). IEEE. Google ScholarDigital Library
Alvarado, M. D., Agrawal, R., & Baker, Y. (2013, April). Security mechanisms utilized in a secured cloud infrastructure. In Southeastcon, 2013 Proceedings of IEEE (pp. 1--5).Google ScholarCross Ref
Rai, R., Sahoo, G. and Mehfuz, S. "Securing Software as a Service Model of Cloud Computing: Issues and Solutions," arXiv preprint arXiv:1309.2426, 2013.Google Scholar
Dykstra, J., & Sherman, A. T. (2012). Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, S90--S98.Google Scholar
Bouayad, A., Blilat, A., and Ghazi, M, E,. 2012. Cloud computing: Security challenges. 2012. Information Science and Technology (CIST), (Oct. 2012), 22--24.Google Scholar
Subashini. S., and Kavitha, V. 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34.1 (2011): 1--11. Google ScholarDigital Library
Damshenas, M., Ali, D., Ramlan, M., and Shamsuddin, b. 2012. Forensics investigation challenges in cloud computing environments. Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference, (June.2012), 26--28.Google ScholarCross Ref
Dawoud, W., Takouna, I., and Meinel, C,. 2010. Infrastructure as a service security: Challenges and solutions. In Informatics and Systems (INFOS), The 7th International Conference,(2010), 1--8.Google Scholar
Hay, B., Kara, N., and Matt, B. 2011. Storm Clouds Rising: Security Challenges for IaaS Cloud Computing. System Sciences (HICSS), 2011 44th Hawaii International Conference on, (7 Jan. 2011) 4--7. Google ScholarDigital Library
Birk, D. and Wegener, C. Technical issues of forensic investigations in cloud computing environments. Systematic Approaches to Digital Forensic Engineering, 2011. Google ScholarDigital Library
Dykstra, J. and Sherman, A. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. DoD Cyber Crime Conference, January 2012.Google ScholarCross Ref
Marty, R. Cloud application logging for forensics. In In proceedings of the 2011 ACM Symposium on Applied Computing, pages 178--184. ACM, 2011. Google ScholarDigital Library
Zafarullah, Z., Anwar, F. and Anwar, Z. Digital forensics for eucalyptus. In Frontiers of Information Technology (FIT), pages 110--116. IEEE, 2011. Google ScholarDigital Library
Krautheim, F. J. "Private virtual infrastructure for cloud computing," In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA. Google ScholarDigital Library
Birk, D. and Wegener, C. 2011. Technical Issues of Forensic Investigations in Cloud Computing Environments. Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop, (May 2011), 26--26. Google ScholarDigital Library
Sandikkaya, M, T., and Harmanzi, A, E,. 2012. Security Problems of Platform-as-a-Service (PaaS) Clouds and Practical Solutions to the Problems. Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on. IEEE, 2012. Google ScholarDigital Library
Vaultive Inc, 2014. Taking Control of Cloud Data: A Realistic Approach to Encryption of Cloud Data in Use. Retrieved from: http://www.vaultive.com/wp-content/uploads/2013/01/Taking-Control-of-Cloud-Data-A-Realistic-Approach-to-Encryption-of-Cloud-Data-in-Use.pdfGoogle Scholar
Nelson, G., Charles, M., Fernado, R., Marcos, S., Tereza, C., Mats, N. and Makan, P. 2012. A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing 1.1 (2012): 1--18.Google Scholar
CSA (2011) CSA TCI Reference Architecture. https://cloudsecurityalliance. org/wp-content/uploads/2011/11/TCI-Reference-Architecture-1.1.pdfGoogle Scholar
Claycomb, W. R., and Nicoll, A. (2012, July). Insider Threats to Cloud Computing: Directions for New Research Challenges. In Computer Software and Applications Conference (COMPSAC), (2012) 387--394. Google ScholarDigital Library
Shin, D., Akkan, H., Claycomb, W. and Kim, K. 2011. Toward role-based provisioning and access control for infrastructure as a service (IaaS). Journal of Internet Services and Applications, (2011), 243--255.Google ScholarCross Ref
Shin, D., Wang, Y., and Claycomb, W. 2012. A policy-based decentralized authorization management framework for cloud computing. In Proceedings of the 27th Annual ACM Symposium on Applied Computing, 465--470. Google ScholarDigital Library
Höner, P. 2013. Cloud Computing Security Requirements and Solutions: a Systematic Literature Review. Master's Thesis, University of Twente, 7500AE Enschede, The Netherlands.Google Scholar

Recommendations

Cloud Multi-Tenancy: Issues and Developments
UCC '17 Companion: Companion Proceedings of the10th International Conference on Utility and Cloud Computing

Cloud Computing (CC) is a computational paradigm that provides pay-per use services to customers from a pool of networked computing resources that are provided on demand. Customers therefore does not need to worry about infrastructure or storage. Cloud ...
Read More
The KOALA cloud management service: a modern approach for cloud infrastructure management
CloudCP '11: Proceedings of the First International Workshop on Cloud Computing Platforms

While the variety of public and private cloud infrastructure and storage service offerings increases, only few tools exist to efficiently manage hybrid cloud resources of different cloud providers. KOALA is a novel cloud management tool that allows to ...
Read More
Pricing as a Service: Personalized Pricing Strategy in Cloud Computing
CIT '12: Proceedings of the 2012 IEEE 12th International Conference on Computer and Information Technology

Cloud computing is emerging as a model in support of "everything-as-a-service". Virtualized physical resources, virtualized infrastructure, as well as virtualized middleware platforms and business applications are being provided and consumed as services ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems
October 2015
271 pages
ISBN:9781450334808
DOI:10.1145/2857218
Conference Chairs:
Richard Chbeir,
Yannis Manolopoulos,
Victor Pellegrini Mammana,
Eduardo Antonio Modena,
Program Chairs:
Agma Traina,
Oscar Salviano,
Youakim Badr,
Frederic Andres
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 October 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
IaaS
PaaS
SaaS
cloud computing
cloud forensics
Qualifiers
- research-article
Conference

Acceptance Rates
MEDES '15 Paper Acceptance Rate13of64submissions,20%Overall Acceptance Rate267of682submissions,39%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 19
  Total Citations
  View Citations
- 1,654
  Total Downloads
- Downloads (Last 12 months)143
- Downloads (Last 6 weeks)29
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

ABSTRACT

References

Cited By

Recommendations

Cloud Multi-Tenancy: Issues and Developments

The KOALA cloud management service: a modern approach for cloud infrastructure management

Pricing as a Service: Personalized Pricing Strategy in Cloud Computing