Abstract
Cloud-based systems are becoming an increasingly attractive target for malicious attacks. In IaaS environments, malicious attacks on a cloud customer’s virtual machine may affect the customer, who cannot use all diagnostic means that are available in dedicated in-house infrastructures, as well as the cloud provider, due to possible subsequent attacks against the cloud infrastructure and other co-hosted customers. This paper presents an integrated approach towards forensics and incident analysis in IaaS cloud environments. The proposed architecture enables the cloud provider to securely offer forensics services to its customers on a self-service platform. The architecture combines three important analysis techniques and provides significantly better investigation capabilities than existing systems: First, it supports host-based forensics based on virtual machine introspection. Second, it offers live remote capture of network traffic. Third, and most importantly, it provides hybrid combinations of the first two techniques, which enables enhanced analysis capabilities such as support for monitoring encrypted communication.
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zach, J., Reiser, H.P. (2015). LiveCloudInspector: Towards Integrated IaaS Forensics in the Cloud. In: Bessani, A., Bouchenak, S. (eds) Distributed Applications and Interoperable Systems. DAIS 2015. Lecture Notes in Computer Science(), vol 9038. Springer, Cham. https://doi.org/10.1007/978-3-319-19129-4_17
DOI: https://doi.org/10.1007/978-3-319-19129-4_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19128-7
Online ISBN: 978-3-319-19129-4