Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Journal of Computer Virology and Hacking Techniques
Erschienen in: Journal of Computer Virology and Hacking Techniques 1/2013

01.02.2013 | Original Paper

Technical, legal and ethical dilemmas: distinguishing risks arising from malware and cyber-attack tools in the ‘cloud’—a forensic computing perspective

verfasst von: Vlasti Broucek, Paul Turner

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 1/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

While hype around the benefits of ‘cloud computing’increase, challenges in maintaining data security and data privacy have also been recognised as significant vulnerabilities (Ristenpart et al. in Proceedings of the 14th ACM conference on computer and communications security, pp 103–115, 2009; Pearson in CLOUD’09, pp 44–52, 2009; Vouk in J Comput Inf Technol 4:235–246, 2008). These vulnerabilities generate a range of questions relating to the capacity of organisations relying on cloud solutions to effectively manage risk. This has become particularly the case as the threats faced by organisations have moved increasingly away from indiscriminate malware to more targeted cyber-attack tools. From forensic computing perspective it has also been recognised that ‘cloud solutions’ pose additional challenges for forensic computing specialists including discoverability and chain of evidence (Ruan et al. in Adv Digital Forensics VII:35–46, 2011; Reilly et al. in Int J Multimedia Image Process 1:26–34, 2011). However, to date there has been little consideration of how the differences between indiscriminate malware and targeted cyber-attack tools further problematize the capacity of organisations to manage risk. This paper also considers these risks and differentiates between technical, legal and ethical dilemmas posed. The paper also highlights the need for organisations to be aware of these issues when deciding to move to cloud solutions.
Vorheriger Artikel Static vulnerability detection in Java service-oriented components
Nächster Artikel A similarity metric method of obfuscated malware using function-call graph

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Fußnoten
1
Preferred Australian spelling of cyber-attack is used through this paper.
 
2
It is worth noting, that in some jurisdictions, even ownership of such tools can be considered illegal. This can subsequently be detrimental for development of defences against these tools, i.e. antivirus industry.
 
Literatur
1.
Ristenpart, T., Tromert, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 103–115. ACM, New York (2009)
2.
Pearson, S.: Taking account of privacy when designing cloud computing services. In: CLOUD’09, pp. 44–52. IEEE (2009)
3.
Vouk, M.A.: Cloud computing: issues, research and implementations. J. Comput. Inf. Technol. 4, 235–246 (2008)
4.
Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics: an overview. Adv. Digital Forensics VII, 35–46 (2011)
5.
Reilly, D., Wren, C., Berry, T.: Cloud computing: Pros and Cons for computer forensic investigations. Int. J. Multimedia Image Process. 1, 26–34 (2011)
6.
Foster, I., Yong, Z., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, 2008, GCE ’08, pp. 1–10 (2008)
7.
Mell, P., Grance, T.: The NIST definition of cloud computing. Commun. ACM 53, 50–50 (2010)
8.
Mell, P., Grance, T.: The NIST definition of cloud computing. In: Commerce, U.S.D.o. (ed.) National Institute of Standards and Technology, Gaithersburg, MD (2011)
9.
Dahbur, K., Mohammad, B., Tarakji, A.B.: A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, pp. 1–6. ACM, Amman, Jordan (2011)
10.
11.
12.
Gordon, S., Ford, R.: Cyberterrorism? Comput. Security 21, 636–647 (2002)CrossRef
13.
Gordon, S., Ford, R.: On the definition and classification of cybercrime. J. Comput. Virol. 2, 13–20 (2006)CrossRef
14.
Broucek, V., Turner, P.: Forensic computing: developing a conceptual approach in the era of information warfare. J. Inf. Warfare 1, 95–108 (2001)
15.
16.
17.
18.
Warren, M., Hutchinson, W.: Information warfare and hacking. In: Armstrong, H. (ed.) 5th Australian Security Research Symposium, pp. 195–206. Edith Cowan University, Perth (2001)
19.
Gordon, S., Ford, R.: Computer crime revisited: the evolution of definition and classification. In: Turner, P., Broucek, V. (eds.) Proceedings of the 15th Annual EICAR Conference “Security in the Mobile and Networked World”, pp. 48–59. EICAR, Hamburg (2006)
20.
Denning, D.E.: Information Warfare and Security. Addison-Wesley Longman Ltd, Essex (1999)
21.
Kulish, N.: Germans condemn police use of spyware. New York Times, pp. A.5–A.5, New York (2011)
22.
McCullagh, A., Broache, A.: Will security firms detect police spyware? CNET News. CBC Interactive (2007)
23.
Bodenheimer, D.Z.: Cyberwarfare in the Stuxnet age. Can Cannonball law keep pace with the digital battlefield? The SciTech Lawyer 8 (2012)
24.
Fahs, R.: Position Paper: The Future of AV Testing. EICAR (2010)
25.
Wolfe, J.: Bona fide researcher? In: Gattiker, U.E. (ed.) EICAR Conference Best Paper Proceedings. EICAR, Copenhagen (2003)
26.
Owens, W.A., Dam, K.W., Lin, H.S. (eds.): Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. The National Academies Press, New York (2009)
27.
Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. Security Privacy IEEE 9, 49–51 (2011)
28.
Masters, G.: Life after Stuxnet. SC Mag. 22, 29–31 (2011)
29.
Chen, T.M., Abu-Nimeh, S.: Lessons from Stuxnet. Computer 44, 91–93 (2011)CrossRef
30.
Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner, M.: A break in the clouds: towards a cloud definition. ACM SIGCOMM Comput. Commun. Rev. 39, 50–55 (2009)CrossRef
31.
32.
Higgins, K.J.: Apache issues workarounds for ‘Killer’ attack. Informationweek (2011)
33.
34.
Desnos, A., Erra, R., Filiol, E.: Processor-dependent malware... and codes. eprint arXiv:1011.1638 (2010)
35.
National Cybersecurity and Communications Integration Center: Assessment of Anonymous Threat to ontrol Systems. US Department of Homeland, Security (2011)
36.
Rashid, F.Y.: DHS warns of anonymous cyber-attack tools, planned mass protests. eWeek.com. Ziff Davis Enterprise Inc (2011)
37.
Cawley, C.: Federal Communications Commission Assistance for Online Attacks. Bright Hub Inc (2011)
38.
39.
40.
Prince, B.: Behind the government’s rules of cyber war. Security Week. Wired Business Media (2011)
41.
Wilson, C.: Botnets, cybercrime, and cyberterrorism: vulnerabilities and policy issues for congress. In: Foreign Affairs, Defense, and Trade Division (eds.) Congressional Research Services (2008)
42.
43.
Broucek, V.: “Forensic Computing: Exploring Paradoxes”: an investigation into challenges of digital evidence and implications for emerging responses to criminal, illegal and inappropriate on-line behaviours. School of Computing and Information Systems, vol. PhD. University of Tasmania, Hobart (2009)
44.
Broucek, V., Turner, P.: Considerations for e-forensics: insights into implications of uncoordinated technical, organisational and legal responses to illegal or inappropriate on-line behaviours. Int. Sci. J. Comput. 4, 17–25 (2005)
45.
Broucek, V., Turner, P.: Winning the battles, losing the war? Rethinking methodology for forensic computing research. J. Comput. Virol. 2, 3–12 (2006)CrossRef
46.
Broucek, V., Turner, P., Frings, S.: Music piracy, universities and the Australian Federal Court: issues for forensic computing specialists. Comput. Law Security Rep. 21, 30–37 (2005)CrossRef
47.
Brungs, A., Jamieson, R.: Identification of legal issues for computer forensics. Inf. Syst. Manag. 22, 57–66 (2005)CrossRef
48.
Hannan, M., Frings, S., Broucek, V., Turner, P.: Forensic computing theory& practice: towards developing a methodology for a standardised approach to computer misuse. In: Kinght, S.-A. (ed.) 1st Australian Computer. Network & Information Forensics Conference, Perth, WA, Australia (2003)
49.
Hannan, M., Turner, P.: The last mile: applying traditional methods for perpetrator identification in forensic computing investigations. In: 3rd European Conference on Information Warfare and Security (2004)
50.
Hannan, M., Turner, P., Broucek, V.: Refining the taxonomy of forensic computing in the era of E-crime: insights from a survey of Australian Forensic Computing Investigation (FCI) Teams. In: 4th Australian Information Warfare and IT Security Conference, pp. 151–158, Adelaide, SA, Australia (2003)
51.
Reith, M., Carr, C., Gunsch, G.: An examination of digital forensic models. Int. J. Digital Evidence 1 (2002)
52.
Cornall, R., Black, R.: 2011 Independent Review of the Intelligence Community Report. Commonwealth of Australia, Canberra (2011)
53.
Department of Defense: Department of Defense Cyberspace Policy Report: A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2011, Section 934. Department of Defense, United States of America (2011)
54.
Department of Defense: Department of Defense Strategy for Operating in Cyberspace. Department of Defense, United States of America (2011)
55.
Carnabuci, C.: The long arm of the USA Patriot Act: tips for Australian Businesses selecting data service providers. Freshfields Bruckhaus Deringer (2011)
Metadaten
Titel
Technical, legal and ethical dilemmas: distinguishing risks arising from malware and cyber-attack tools in the ‘cloud’—a forensic computing perspective
verfasst von
Vlasti Broucek
Paul Turner
Publikationsdatum
01.02.2013
Verlag
Springer Paris
Erschienen in
Journal of Computer Virology and Hacking Techniques / Ausgabe 1/2013
Elektronische ISSN: 2263-8733
DOI
https://doi.org/10.1007/s11416-012-0173-0