Hard Clues in Soft Environments

2015 ◽

pp. 258-284

Author(s):

Andrea Atzeni ◽

Paolo Smiraglia ◽

Andrea Siringo

Keyword(s):

Digital Forensics ◽

Cloud Environment ◽

Open Problems ◽

Future Directions ◽

Cloud Technology ◽

Cloud Forensics ◽

Security Issues

Cloud forensics is an open and important area of research due to the growing interest in cloud technology. The increasing frequency of digital investigations brings with it the need for studying specific scenarios in the area of forensics, both when evidence are inside the cloud and when the cloud can be used as platform to perform the investigations. In this chapter we highlight the problems digital forensics must deal with in the Cloud. We introduce historical roots of digital forensics, as well as an overall background about the Cloud and we provide possible meanings of cloud forensics, based on available definitions. Since the cloud introduces different architectural paradigm that affects all the phases of a forensics investigation, in this survey we detail many security issues digital forensics have to face in a cloud environment. We describe when and what available solutions exist and, on the contrary, the still open problems, and we discuss possible future directions in this field.

Download Full-text

Designing a Secure Cloud Architecture

International Journal of Information Security and Privacy ◽

10.4018/jisp.2012010102 ◽

2012 ◽

Vol 6 (1) ◽

pp. 14-32 ◽

Cited By ~ 8

Author(s):

Thijs Baars ◽

Marco Spruit

Keyword(s):

Literature Review ◽

Delphi Study ◽

Data Classification ◽

Cloud Environment ◽

Cloud Technology ◽

Security Issues ◽

Cloud Architecture ◽

Basic Framework

Security issues are paramount when considering adoption of any cloud technology. This article proposes the Secure Cloud Architecture (SeCA) model on the basis of data classifications which defines a properly secure cloud architecture by testing the cloud environment on eight attributes. The SeCA model is developed using a literature review and a Delphi study with seventeen experts, consisting of three rounds. The authors integrate the CI3A—an extension on the CIA-triad—to create a basic framework for testing the classification inputted. The data classification is then tested on regional, geo-spatial, delivery, deployment, governance and compliance, network, premise and encryption attributes. After this testing has been executed, a specification for a secure cloud architecture is outputted.

Download Full-text

A Compendium of Cloud Forensics

Advances in Digital Crime, Forensics, and Cyber Terrorism - Critical Concepts, Standards, and Techniques in Cyber Forensics ◽

10.4018/978-1-7998-1558-7.ch012 ◽

2020 ◽

pp. 215-227

Author(s):

Mohd. Akbar ◽

Mohammad Suaib ◽

Mohd. Shahid Husain ◽

Saurabh Shukla

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Legal Issues ◽

Cloud Environment ◽

Cyber Forensics ◽

Cloud Forensics ◽

Security Issues ◽

Cloud Service Providers ◽

Traditional Approaches

The cloud computing environment is one of the most promising technologies in the development of computing resources. The cloud service providers provide almost every resource for computing to their users through the internet. With all its advantages, cloud computing has major security issues. Especially in the case of public clouds, anyone can misuse the services for performing unlawful activities. The traditional approaches used for cyber forensics and network forensics are not adequate for the cloud environment because of many technical constraints. There is a need for setting up effective countermeasures that can help an investigator to identify and track unlawful activities happened in a cloud environment. Cloud forensics is an emerging area of research where the researchers aim to provide effective digital forensic techniques that help in the investigation of digital crimes in a cloud environment. The cloud environment helps to extract data even from devices that are not physically accessible. However, cloud forensics is not as easy as it seems; a lot of the success depends on the cloud service model implemented in the context. Getting the support of cloud service providers in accessing the potential sources of evidence necessary for investigation is also a major concern. Another critical aspect of cloud forensics is dealing with legal issues. This chapter discusses the basic concepts of cloud forensics, its challenges, and future directions.

Download Full-text

The SeCA Model

Security Engineering for Cloud Computing ◽

10.4018/978-1-4666-2125-1.ch002 ◽

2013 ◽

pp. 19-35 ◽

Cited By ~ 1

Author(s):

Thijs Baars ◽

Marco Spruit

Keyword(s):

Literature Review ◽

Delphi Study ◽

Data Classification ◽

Cloud Environment ◽

Cloud Technology ◽

Security Issues ◽

Cloud Architecture ◽

Basic Framework

Security issues are paramount when considering adoption of any cloud technology. This chapter outlines the Secure Cloud Architecture (SeCA) model on the basis of data classifications, which defines a properly secure cloud architecture by testing the cloud environment on eight attributes. The SeCA model is developed using a literature review and a Delphi study with seventeen experts, consisting of three rounds. The authors integrate the CI3A —an extension on the CIA-triad— to create a basic framework for testing the classification inputted. The data classification is then tested on regional, geo-spatial, delivery, deployment, governance & compliance, network, and premise attributes. After this testing has been executed, a specification for a secure cloud architecture is outputted. The SeCA model is detailed with two example cases on the usage of the model in practice.

Download Full-text

Cloud Forensics : Isolating Cloud Instance

International Research Journal of Electronics and Computer Engineering ◽

10.24178/irjece.2017.3.2.10 ◽

2017 ◽

Vol 3 (2) ◽

pp. 10

Author(s):

Mariam J. AlKandari ◽

Huda F. Al Rasheedi ◽

Ayed A. Salman

Keyword(s):

Cloud Computing ◽

Digital Forensics ◽

File System ◽

File Systems ◽

Distributed File System ◽

Cloud Environment ◽

Apache Hadoop ◽

Cloud Forensics ◽

Hadoop Distributed File System ◽

Do So

Abstract—Cloud computing has been the trending model for storing, accessing and modifying the data over the Internet in the recent years. Rising use of the cloud has generated a new concept related to the cloud which is cloud forensics. Cloud forensics can be defined as investigating for evidence over the cloud, so it can be viewed as a combination of both cloud computing and digital forensics. Many issues of applying forensics in the cloud have been addressed. Isolating the location of the incident has become an essential part of forensic process. This is done to ensure that evidence will not be modified or changed. Isolating an instant in the cloud computing has become even more challenging, due to the nature of the cloud environment. In the cloud, the same storage or virtual machine have been used by many users. Hence, the evidence is most likely will be overwritten and lost. The proposed solution in this paper is to isolate a cloud instance. This can be achieved by marking the instant that reside in the servers as "Under Investigation". To do so, cloud file system must be studied. One of the well-known file systems used in the cloud is Apache Hadoop Distributed File System (HDFS). Thus, in this paper the methodology used for isolating a cloud instance would be based on the HDFS architecture. Keywords: cloud computing; digital forensics; cloud forensics

Download Full-text

Cloud forensics: State-of-the-art and future directions

Digital Investigation ◽

10.1016/j.diin.2016.08.003 ◽

2016 ◽

Vol 18 ◽

pp. 77-78 ◽

Cited By ~ 8

Author(s):

Kim-Kwang Raymond Choo ◽

Martin Herman ◽

Michaela Iorga ◽

Ben Martini

Keyword(s):

State Of The Art ◽

Future Directions ◽

Cloud Forensics

Download Full-text

eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology

Sensors ◽

10.3390/s18113807 ◽

2018 ◽

Vol 18 (11) ◽

pp. 3807 ◽

Cited By ~ 3

Author(s):

Haonan Sun ◽

Rongyu He ◽

Yong Zhang ◽

Ruiyun Wang ◽

Wai Hung Ip ◽

...

Keyword(s):

Virtual Machines ◽

Trusted Computing ◽

Information Leakage ◽

Research Topic ◽

Cloud Environment ◽

Cloud Platform ◽

Computing Technology ◽

Security Issues ◽

Runtime Environment ◽

Cloud Users

Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protections of vTPM itself at a runtime environment. This paper proposed a novel scheme, which designed a new trusted cloud platform security component, ‘enclave TPM (eTPM)’ to protect cloud and employed Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates TPM functions which build trust and security in cloud and runs in ‘enclave’, an isolation memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VM) according to user-specific policies. Finally, a prototype for the eTPM scheme was implemented, and experiment manifested its effectiveness, security, and availability.

Download Full-text

Big Data Processing Security Issues in Cloud Environment

Advances in Computing Systems and Applications - Lecture Notes in Networks and Systems ◽

10.1007/978-3-319-98352-3_4 ◽

2018 ◽

pp. 27-36

Author(s):

Imene Bouleghlimat ◽

Salima Hacini

Keyword(s):

Big Data ◽

Data Processing ◽

Cloud Environment ◽

Big Data Processing ◽

Security Issues

Download Full-text

Experiences with Cloud Technology to Realize Software Testing Factories

Cloud Technology ◽

10.4018/978-1-4666-6539-2.ch032 ◽

2015 ◽

pp. 689-715

Author(s):

Alan W. Brown

Keyword(s):

Software Testing ◽

Software Quality ◽

Real World ◽

Enterprise Software ◽

Future Directions ◽

Cloud Technology ◽

Delivery Approach ◽

Intended Use ◽

Testing Efficiency

In enterprise software delivery, the pursuit of software quality takes place in the context of a fundamental paradox: balancing the flexibility that drives speed of delivery with the rigor required to verify that what is being delivered is complete, correct, and appropriate for its intended use. One common approach to address this concern is to create “software testing factories” with the aim of increasing testing efficiency by standardizing and speeding up delivery of testing services. To achieve this balance, software testing factories are turning to cloud-based infrastructures as an essential delivery approach. Cloud technology exhibits characteristics that make adoption of software testing factories particularly attractive: elasticity of resources, ease of deployment, and flexible pricing. In this chapter, the author examines the role and structure of software testing factories and their realization using cloud technology, illustrates those concepts using real world examples, and concludes with some observations and a discussion on future directions.

Download Full-text

Role of Security Mechanisms in the Building Blocks of the Cloud Infrastructure

Applications of Security, Mobile, Analytic, and Cloud (SMAC) Technologies for Effective Information Processing and Management - Advances in Computer and Electrical Engineering ◽

10.4018/978-1-5225-4044-1.ch001 ◽

2018 ◽

pp. 1-23

Author(s):

Kowsigan Mohan ◽

P. Balasubramanie Palanisamy ◽

G.R. Kanagachidambaresan ◽

Siddharth Rajesh ◽

Sneha Narendran

Keyword(s):

Building Blocks ◽

Vital Role ◽

Cloud Provider ◽

Scheduling Problems ◽

Cloud Environment ◽

Security Measures ◽

Cloud Infrastructure ◽

Security Issues

This chapter describes how security plays a vital role in cloud computing, as the name itself specifies the data can be stored from any place and can be owned by anyone. Even though the cloud offers many benefits such as flexibility, scalability and agility, security issues are still backlog the cloud infrastructure. Much research is being done on cloud security equal to the scheduling problems in the cloud environment. The customers under the cloud providers are very concerned about their data, which has been stored in the cloud environment. In this regard, it is essential for a cloud provider to implement some powerful tools for security, to provide a secure cloud infrastructure to the customers. Generally speaking, there are some foundational needs to be attained and some actions to be combined to ensure data security in both cloud, as well as, non-cloud infrastructure. This book chapter concentrates only on the security issues, security measures, security mechanisms, and security tools of the cloud environment.

Download Full-text